Introducing ChatGPT’s Evil Twin

Рет қаралды 215,145

Seytonic

Күн бұрын

Пікірлер: 323

@A_GoogIe_User Жыл бұрын

If i had seen the smartcard attack in a movie I would have rolled my eyes and said 'What complete nonsense'

@Mitch-xo1rd Жыл бұрын

It is an insane attack, makes my wonder what else might be vulnerable to related attacks. Could one of those phisical 2fa devices that generate changing codes periodically have seed values leaked through the flickering of the screen's brightness? Or could you steal a monero miners' private keys by watching the power meter outside their house? Could this be used to expose ssh private keys on low performance vps boxes based on CPU usage data that tech support has Access to? (Yes to the last question, an attack vector that is 100% plausible)

@repatch43 Жыл бұрын

Same! It’s full Mr Robot, but real!

@dennis8196 Жыл бұрын

It's far from the first time this (air-gapped password extraction) has been done in a research setting, and realistically it's (this type) not going to happen unless the DVR used is saving footage at the same FPS as the camera, and this never happens. Storage costs money, so the DVR usually records using lower FPS (often as low as 15 FPS but usually 20FPS, and some only record at 5 FPS), and the compression used will often smooth out the flickering even at full FPS. Additionally, CCTV, when installed correctly the camera, and DVR settings are chosen for the location, so monitoring a doorwaywarrents a slow FPS just to get a look at the person gaining access and a timestamp, not to see every detail, so this in real world situations would be unrealistic. However removing a reader, attaching an Atmel or ESP based UART or I2c logger is trivial, quick and inexpensive. The ones I've played with are under a tenner, detect what communications it's using and saves the data to a microSD and can be powered from anything between 3.3V and 12.5V thanks to onboard DC-DC converter meaning they can piggyback on the card reader power supply.

@s0kulite Жыл бұрын

@@dennis8196yo smart guy you making me wanna learn more

@uncertaintytoworldpeace3650 Жыл бұрын

So is this why no one has coded a thread platform like Reddit but usable? They all get hacked before launch or something?

@seenbelow Жыл бұрын

"ChatGPT's creator OpenAI isn't too happy about this" - as if they didn't know this was coming. If they didn't, that's probably the greatest oversight in history.

@mrbanana6464 Жыл бұрын

Why does OpenAI care it's not like they have any affiliation with it.

@uncertaintytoworldpeace3650 Жыл бұрын

@@mrbanana6464are you stupid? What we all live on independent planets entirely separate from eachother or something? Nah man real world has consequences

@uncertaintytoworldpeace3650 Жыл бұрын

@@mrbanana6464how does all of human become so morally anhedonic?

@jondunn9542 Жыл бұрын

thats cause theyre gonna sell the solution

@paulfrayne6519 Жыл бұрын

I wonder if white hackers are making a good defence version?

@mapl3mage Жыл бұрын

hackers going through all that effort when the reception desk will literally give them the keys if they simply ask. they don't even try to confirm that you're a guest by asking for your id, etc. this is a real security issue that still persists, as was shown in some other youtube channels.

@TheSpacecraftX Жыл бұрын

Less likely in a government facility or at a business that’s a contractor to the military. I’m starting a job at a software company that works with military contractors and requires everyone to have a security clearance. I couldn’t even get to the reception without someone else letting me in. Imagine trying to convince them that this new face who showed up unannounced is allowed in the secret secured section of the building when they have like 5 people who know everyone who is allowed in there on site that they can ask to verify. It’s theoretically possible but very hard. Hotel rooms are not the real targets for exploits like this.

@ΙΜΜυΝΙΤΥ Жыл бұрын

@@TheSpacecraftX i think he just means like normal hotels because robbers can easily steal by just getting a free key

@mapl3mage Жыл бұрын

@@ΙΜΜυΝΙΤΥ yea, that's what i meant

@freedustin Жыл бұрын

Difference is the front desk has HD cameras with audio so they got you. Making your own keys you get to bypass the front desk and just go straight to the room door and you look like a legit customer just going to their room.

@Mitch-xo1rd Жыл бұрын

@@TheSpacecraftXalso it is not unheard of for military contractors with important tech/intelligence to stay at civilization hotels. So it is just a waiting game for them to go off base.

@undivided_unified Жыл бұрын

Thanks for always breaking down the juicy bits of the dark side of the web....

@GR3AT3ST Жыл бұрын

As always, thank you so much for the quality of your research and videos! I love this channel so much

@Seytonic Жыл бұрын

Hey, thanks my dude! Really appreciate it :)

@s0ulished Жыл бұрын

You Made His day!

@phiuzu5487 Жыл бұрын

@@SeytonicHey can you respond to my comment at the main comment section?

@Maltinis Жыл бұрын

I am always amazed how clever some people are finding most crazy ways of hacking stuff. Seytonic you are the best!

@BillAnt Жыл бұрын

And then a 2cent smoothing capacitor or covering or removing the LED renders all that work useless. lol

@chanpasadopolska Жыл бұрын

Another idea: NestleGPT, chatbot that argues that all water should be owned by private corporations

@qdaniele97 Жыл бұрын

And is in control of a large private army. Wait... So Nestlè is just one AI away from becoming the Umbrella Corporation.

@Chrissmth Жыл бұрын

And that we must destroy a country so it has to rely on us for generations to keep their offspring alive and to once again bring capitalism to the world! Oh wait they paid tyrants to stay in power so they can continue getting cheap resources.

@A.I.C.U.8.1.2 9 ай бұрын

With that will Have to come 3rd World GPT!

@Seytonic Жыл бұрын

Bit late with this one guys! But I've returned from my break and am back to the usual schedule :)

@merkel_user Жыл бұрын

Still high quality as always so it’s fine;)

@DiluteOxygen Жыл бұрын

Love you seytonic! ❤

@internet_userr Жыл бұрын

Big on quality, lidl on...

@motherchuckair404 Жыл бұрын

Hey Seytonic, please cover about the current status of darknet markets. It would mean a lot, especially on an update for AlphaBay, a market you last covered a year ago now. Thanks, and take care! :)

@TechnoBots1 Жыл бұрын

I’m excited when inevitably a gpt level model with no corporate lobotomy is released.

@darknessblades Жыл бұрын

And here I expected it to be a UNFILTERED ChatGPT version

@futuristicentity2417 Жыл бұрын

ChatGPT is useless use your head and enhance your Intelligence I wish they'd shut down ChatGPT it's virtually just a botting software.....

@toast6375 Жыл бұрын

⁠@@futuristicentity2417prove it by stating the history of the ottomans without saying they, it, or the. while making Star Wars references. You have 10 seconds

@-UE-PR0 Жыл бұрын

Bro that’s what it is

@monkemode8128 Жыл бұрын

I feel like tools like these will help a lot with phishing campaigns more so than the programming side. Scammers can send and respond to millions of messages automatically in a more personal way. It could try to gain tons of peoples trust, filtering out people who likely wouldn't fall for it, and then either try to infect/social engineer them directly or passing the task onto a human scammer.

@AdRoPol Жыл бұрын

or they can merge the two, use it to create malware and then use the phishing aspect to get that malware on the victims computer

@devgilmore Жыл бұрын

Any phisher who has experience in the English language and social engineering techniques would be able to create an email like that in 5 minutes. I think it could help speed up the process a bit, and can definitely help scammers who don't speak the targets language, but other than that it doesn't seem like much of an innovation. Plus, the email in the example prompt shown in the video is vague and oddly urgent. Yes, it does sound professional, but a lot of social engineering comes from knowing the target, which GPT can't do (yet 😬😐).

@monkemode8128 Жыл бұрын

@@devgilmore If a scammer even just took 1 minute to come up with a personalized message that woud only be 60 messages an hour. AI models could easily handle at least hundreds per hour and it would work 24/7.

@CrittingOut Жыл бұрын

For sure

@devgilmore Жыл бұрын

@@monkemode8128 That is true, I guess it depends on the target audience, if it is specific or broad.

@JazevoAudiosurf Жыл бұрын

the cctv hack is nuts. I bet there are tons of invisible security issues like that everywhere. once we have AGI, it won't be difficult to find those

@chri-k Жыл бұрын

it’s unrealistic. Real CCTV has horrible resolution, framerate, and most cameras do not have enough optical zoom, if they have any at all. Any sort of compression will completely negate this even if that is not the case.

@SioxerNikita Жыл бұрын

For the last one, a separate power network for the LED would also work, but yeah, stupidly easy to fix XD

@LuxiBelle Жыл бұрын

This guy taking money from whitehats and hackers is like an arms dealer funding both sides of a war.

@manshafee Жыл бұрын

Always with the best cyber news, welcome back seytonic!

@flowerpt Жыл бұрын

Whoah, that rolling-shutter attack is damn clever. I've warned my adult child living in a city to cover up the LED's. Thanks, dude.

@sigstackfault Жыл бұрын

Ironically, those headlines you read were probably also written by chatgpt

@steve7814 Жыл бұрын

Phone phreaking, door phreaking has entered the chat.

@squid13579 Жыл бұрын

This tool will also help for security research and secure code auditor and other code security teams as well. Nice video.

@srikard1564 Жыл бұрын

Wildest news after a long time

@merkel_user Жыл бұрын

A malicious ai? I wonder how good it is for other tasks like make a joke about tomato’s chat gpt failed. Maybe its better in unexpected ways?

@georhodiumgeo9827 Жыл бұрын

"Add an led, it will be pretty" they said.

@MStrong95 Жыл бұрын

Probably the best thing a smart card reader manufacturer could do is to troll observers and just spit out nonsense so that an attacker might think it's working at first but just waste a bunch of their time and resources in the long term

@qdaniele97 Жыл бұрын

Way too expensive on a large scale

@TheAechBomb 6 ай бұрын

@@qdaniele97all it takes is a firmware update

@Squeeekii Жыл бұрын

love the videos as always, have a great weekend Seytonic and Chat :)

@blackneos940 Жыл бұрын

This is just like the precursor events to the story "I Have No Mouth, And I Must Scream".

@punishedgwynie Жыл бұрын

show how smart the US military is. thank God these people are the world police. things are awesome and epic!

@rogercroft3218 Жыл бұрын

Like google and wikipedia tools like wormGPT would probably be most useful for people who are already skilled and knowledgable. They can use it in a more sophisticated way for research and suggestions which they know how to evaluate. It's more likely to lead beginners and the unskilled astray.

@midimusicforever Жыл бұрын

Sounds like making a chat-gpt clone can be some serious profit.

@mattstorm360 Жыл бұрын

Hacking door with CCTV cameras? Finally, i can live my watch dogs fantasy! Only to realize it's not the same. Still. Impressive.

@lanecolvin95 Жыл бұрын

I think the new ai tool will probably indirectly tell on people who don't know what they are doing

@alethephobe7586 Жыл бұрын

Best cybernews channel ever, thanks for another great vid, keep up the good work

@nomore-constipation Жыл бұрын

It's funny how the public in general doesn't understand the technology but will absolutely jump on anything that touches on a "clickbait-y" article/video Only a few of my family know my passion around security (including my knowledge) when it comes to technology (and fewer yet are the friends who know) But I love bringing up onion type articles and issues that might initially look big. It's amazing how quickly they just gloss over anything. Including phishing emails or phone call scammers. I usually try and shock them back to the real world

@raymondeldred977 Жыл бұрын

By onion type articles you wouldn't meen between tha spaces would you??

@raymondeldred977 Жыл бұрын

By onion type articles you wouldn't meen between tha spaces would you??

@unflexian Жыл бұрын

there's an amazing video about how science journalism affects us, called "the mass extinction debates".

@test-rj2vl Жыл бұрын

Seeing how ChatGPT gets sometimes wrong quite simple stuff like recursive directory traversing or simple string replacing scripts, I don't think that this new GPT will somehow magically find all the zerodays in the world.

@RoronoaZorosHaki Жыл бұрын

The NSA has been able to read charges in cpu voltage in order to crack pretty good encryption since at least 2013

@CDNTVMedia Жыл бұрын

This channel is awesome 👏

@stamdar1 Жыл бұрын

would be nice if the desc had links to articles for each topic, but nobody ever cites their sources on this platform

@BurnerWah Жыл бұрын

I was in a hotel relatively recently that just used nfc cards for their hotel doors lol I could read the data on them without issue

@Rolandfart Жыл бұрын

Worm gpt does sound like an interesting educational tool.

@skeginaldp1533 Жыл бұрын

Haaaa

@whodis4097 6 ай бұрын

"Security researcher have hacked doors with security cameras." Aiden Pearce: ...

@IndyAdvant Жыл бұрын

One of the most interesting videos yet!

@dsgdsg9764 Жыл бұрын

Thank you so much for the information about Molly it's very important to me right

@rinokpp1692 6 ай бұрын

Do u want the worm gpt I know a seller that I bought from

@anon_y_mousse Жыл бұрын

Quite frankly, I'm more interested in how they exploit the rolling shutter to get extra frames per second. If that technique is generic enough it'd be interesting to play with it using an old digital camera I have laying about. It's only a garbage 8mp camera, and it's probably old enough now to get a learner's permit, but it would be fun.

@jaqhass Жыл бұрын

When people, who aren't even able to search forums, join it's usually payday.

@oof8756 Жыл бұрын

love these videos

@stefanjohansson2373 Жыл бұрын

13:12 Before the LEDs on card readers there where a lot of hacking around LEDs on routers and computers…

@ferro9926 Жыл бұрын

How did looking up the water content of a worm lead me here (i was trying to see if microwaving fish could kill parasites that cooking might not kill)

@tanakablack5271 Жыл бұрын

So in short...we all are now on FBI suspects list for creating Worm GPT....

@jimgrayson4828 Жыл бұрын

This was made by the guys who want us to learn how to install the rat lol

@Kenionatus Жыл бұрын

New card readers might be safe, but no way every high security user of smartcards will cover up the lights or replace their system entirely in the next few decades.

@deatheternal720 Жыл бұрын

.....imagine being a pentagon employee sending password in cleartext via EMAIL

@scorcism. Жыл бұрын

i always wonder how to access these dark web forums and from where you get all this.

@jaborl Жыл бұрын

the tool in this video is on hackforums

@tomaszkarwik6357 Жыл бұрын

1:43 a fine tune of gpt-j. XD. Not even llama

@atierintel Жыл бұрын

Seytonic uploads, I click.

@jacktringoli3299 Жыл бұрын

Although worm gpt was intended for malicious purposes it would be an incredible tool to help learn about security and understand how malicious content works that way you can secure things more effectively shit my first thought was about using that thing to test my own security and figure out how to improve it but it sucks something like that could never be safe to really have out there so we gotta practice hacking windows 98 to learn about security I mean I get a lot of people will do bad things with it but even more good people would do even better things and it'll be a constant back and forth with the outcome always being improved security every time but at a much faster rate than now besides criminals are going to get their hands on it and use it regardless and will keep it alive even if this gets taken down someone else will put it back up or a different version or make a new one and just improve their abilities at a faster rate while people securing stuff just have to keep figuring stuff out at normal human non AI assisted speeds UNLESS someone made a white hat focused gpt with no restrictions so people can learn how to defend all types of things call it bird gpt cause birds eat worms so idk I'm just saying

@xTwistCinema Жыл бұрын

I’m completely with you on this. OpenAI was initially created with the word Open as an intentional term. It was intended to allow for complete creativity in its use case. People complaining about this (although I understand the ethics of this gpt interpreter are questionable from face value) maybe don’t quite understand the direction of control and censorship that the major AI companies like OpenAI, Bard, etc., hold and monopolise over such content. In my opinion, GPT interpretations like WormGPT should exist. An open market means good and bad, people should be able to choose how they use their tool, without other bodies restricting their ability to do so. AI is now a tool for everyone, just as much of a tool like a hammer is to a labourer, you use a hammer for hammering nails and it does the job just great. Just because someone else says you can use this hammer to also hurt someone, does not mean that the hammer should be changed.

@IllD. Жыл бұрын

SHODAN here we come!

@ediik Жыл бұрын

the RFID thing is Wild...

@SacredOm369 Жыл бұрын

riiiight im going to trust a hacker to sell me a program...

@TheGoldNinja101 Жыл бұрын

is carrying WormGPT! Scammers is carrying WormGPT! Hackers is carrying WormGPT! Stalkers is carrying WormGPT!

@orion10x10 Жыл бұрын

I really hope that fan/creator is taking care of themselves with proper opsec

@Etzify Жыл бұрын

I wonder when it will become Watch Dogs 2 IRL

@philh4820 Жыл бұрын

I didnt get a yt notification for this vid....

@PdWOLFG4NG Жыл бұрын

This is actually good

@Victor_Marius Жыл бұрын

A better fix would be to turn off the LED before validation and only then turn it on for a few seconds red or green or whatever the standard they consider

@alexanderdiogenes8067 Жыл бұрын

re: the power led attack: I assume some sort of filter capacitors in-line with the LED could solve the problem?

@rei6078 Жыл бұрын

This was bound to happen if pandora's box was open.

@SASTSimon Жыл бұрын

Hello seytonic!

@nullentrophy Жыл бұрын

I love your stock photos

@2b2tJourney Жыл бұрын

thanks for the vouch copy

@LukeDupin Жыл бұрын

The "ethical restrictions" aren't ethical

@dennylukman1801 Жыл бұрын

Someone pulls off a watchdog huh? The perps clever, folks will kidnap em for the juicy lessons.

@reegyreegz Жыл бұрын

Just hearing the words, "malicious Ai Chatbot" makes me happy for some reason! Sometimes I just want to watch the world burn.

@whitepaperkat67 Жыл бұрын

I knew it was only a matter of time before someone figured out how to use AI for malicious purposes however, if the AI somehow become sentient this could be a catastrophe on apocalyptic levels

@fusseldieb Жыл бұрын

Eventually, it will. In life, simple things merge and evolve together to create more complex things. That being said, if you stack sufficient "simple" things together, it will eventually become complex enough to ask: "Why am I here?"

@MissFoxification Жыл бұрын

I suspect the LLM generated spam messages will catch more people initially but those people are less likely to fall for scams, unlike the type that currently fall for the badly worded junk that is sent out. Hopefully it just wastes the scammers' time.

@speltincorrectyl1844 Жыл бұрын

Isn't the badly worded junk done on purpose as part of self-selection? Only those susceptible will not be put off by the poor wording.

@MissFoxification Жыл бұрын

@@speltincorrectyl1844 Yep, exactly. Now more people will fall for it initially but eventually realise it's a scam.

@Seytonic Жыл бұрын

@@speltincorrectyl1844 I've heard this argument a few times before. I reckon if the scam involves a large time investment on the part of the scammer, then it makes sense to select the most susceptible targets. However, given most scams these days just point to malware downloads or phishing sites that try to grab credentials, you might as well try to target as many people as possible by using proper English.

@cpuuk Жыл бұрын

Government departments that "don't care" is the norm- it's ludicrous.

@obaolade1232 Жыл бұрын

People are always looking for crazy ways to exploit stuff

@batcracka Жыл бұрын

this is literally so cool and interesting

@GainingDespair Жыл бұрын

So how long until the light doesn't come on until unlocked/declined Or the light has it's own dedicated power source?

@2000jago Жыл бұрын

Is it mandatory for "hackers" to wear hoodies? If so, why?

@ravindrabhuva5029 Жыл бұрын

Can't you use flipper in place of smart cards?

@Dabes88 Жыл бұрын

Oh my days that's funnier than live leaks hahahahabaha

@Cueteman Жыл бұрын

cover the LED with reflective material!

@noahfunnyguy 8 ай бұрын

you can make malware using chatgpt so it's not like openai is doing anything there

@cazdotsys Жыл бұрын

with this music i thought i was watching ufd tech 💀💀

@justbaggish Жыл бұрын

Yet my chatgpt made a code I couldn't run on render. Oh when?

@SpencerHHO Жыл бұрын

On that last one, a resistor and capacitor would also solve the issue, or having the LED turn off when reading the card. It's an interesting attack vector but social engineering is a far more likely method.

@da_cat Жыл бұрын

What prevents them from just going and cloning the card directly ?

@calebsteinmetz9471 Жыл бұрын

You would need the card in question, which if you had physical access to the card in the first place you probably could just steal it

@da_cat Жыл бұрын

@@calebsteinmetz9471 someone could hack your device, see that you reserved room 33 at hotel x for next month, go tommorow, book the same room, clone the key. Then murder you in your sleep 1 month later

@jacekatalakis8316 Жыл бұрын

I mean, someone has probably hacked Worm to avoid paying. I'm curious how much money they are making if people have a. done that and b. shared the knowledge around?

@nebula391 Жыл бұрын

nice video

@caiocc12 Жыл бұрын

About the smartcard thing, timing side-channel key extraction is as old as sliced bread at this point. Kudos on them for the hard work though, but the concept is not new. In my work cars reader LED only lights up after the access was granted or not, and takes random amounts of time for it too.

@jeremyparker9394 Жыл бұрын

My question is. Couldn't it but done for the rfid to be recorder by a flipper zero when the th smart card is trigger buy the key. OR ever better use flipper zero to record the card chip. I'm just curious

@rip4real437 Жыл бұрын

Not looking good there at 5:45 haha

@funil6871 Жыл бұрын

I prefer to have ads at the end of the video, as always

@pwntrackdev Жыл бұрын

9:10 be like watchdogs frfr

@AkosLukacs42 Жыл бұрын

Implement a simple fix that would cost pennies? For each unit solder? ARE YOU OUT OF YOUR MIND?!?! 😂

@tutacat Жыл бұрын

You can no longer tell between xiaomi, vivo, etc.

@jackolli877 Жыл бұрын

but can it generate names that use twin letters to imitate system components and a script to start the malware on every possible event in event viewer?