AI Pentest Cloud Tools found 10 Vulnerabilities in LinkedIn

2017 is the year of Artificial Intelligence (A.I.), Big Data, Virtual Reality (VR) and Cyber Security, with major companies like Google, Facebook, Apple, Salesforce and IBM and technology pioneers like SpaceX founder Elon Musk investing in these hot technologies.

A report from Narrative Science says that by 2018, 62 percent of large enterprises will be using AI technologies. Everyone seems to be talking about the hottest trend: artificial intelligence and machine learning.

But why is AI considered to be the next big technology? Because it can enhance and change everything about the way we think, interact, manufacture and deliver.

Last year, we saw a significant number of high-profile hacks targeting big organizations, governments, small enterprises, and individuals. What’s more worrisome?

It’s going to get worse, and we need help. There is no doubt that we humans can find vulnerabilities, but we cannot analyze millions of programs with billions of lines of code at once.

Cloud-AI System That Interacts With Web Just Like Humans.

But what if we had an autonomous system that finds and fixes vulnerabilities in computer systems before cyber criminals exploit them, without any human involvement?

An Indian startup named Cloudsek, an infosec risk assessment company, is working in this direction. It aims to provide intelligent, machine learning-based solutions that help organizations identify and tackle online threats in real time.

The company claims to have developed Cloud-AI technology, an artificial intelligence system based on a semi-supervised learning model that can navigate and interact with the Internet just like an intelligent human being.

Cloud-AI is designed to learn on its own with an ability to automatically gather information about input boxes, buttons, and navigation links with minimal false positives.

Cloud-AI technology powers two of the company’s products:

CloudMon – a system that monitors various Internet-exposed infrastructures, including cloud-based applications and websites, for critical security issues.

x-Vigil – a system that monitors various Internet sources, underground/discussion forums, social media platforms, and infiltrated data, uncovering a broad range of threats and providing real-time alerts without any manual intervention.

Cloud-AI Finds Vulnerabilities Like Artificially Intelligent Hacker.

Giving a successful demonstration of their Cloud-AI technology, the researchers discovered 10 “Insecure Direct Object Reference” vulnerabilities in the world’s largest online professional network LinkedIn.

An insecure direct object reference (IDOR) flaw occurs when an application uses the actual name or key of an object while generating web pages but does not always verify that the user is authorized for the target object.

The issues fixed in LinkedIn include:

  • Leak of any user’s Email ID on LinkedIn
  • Leak of users’ email, phone number and resume
  • Deleting every user’s LinkedIn request
  • Downloading every transcript to videos from Lynda
  • Downloading every Lynda exercise file without a premium membership

To detect such flaws, all an attacker needs to do is manipulate parameter values. But finding such an easily identifiable security flaw is impossible for an automated tool due to the difficulty in reaching the flawed endpoint, whereas manually doing the process is time-consuming.
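The missing authorization check that defines an insecure direct object reference can be shown in a few lines. This is an added example, not code from the article, Cloudsek or LinkedIn; the record store, the handler names and the `audit` helper are all hypothetical, and the data is constructed. It puts a handler that trusts the client-supplied key beside one that checks ownership, plus a regression check a team can run against its own handlers.

```python
# Constructed sample data: record id -> owner and contents (not real data).
RESUMES = {
    101: {"owner": "alice", "body": "Alice's resume"},
    102: {"owner": "bob", "body": "Bob's resume"},
}


class Forbidden(Exception):
    """The session user is not authorized for the requested object."""


class NotFound(Exception):
    """No object exists for the requested key."""


def get_resume_vulnerable(session_user, resume_id):
    # IDOR: the client-supplied key is used directly, and session_user is
    # never compared with the record's owner.
    record = RESUMES.get(resume_id)
    if record is None:
        raise NotFound(resume_id)
    return record["body"]


def get_resume_checked(session_user, resume_id):
    # Same lookup, but authorization is enforced on the object itself.
    record = RESUMES.get(resume_id)
    if record is None:
        raise NotFound(resume_id)
    if record["owner"] != session_user:
        raise Forbidden(resume_id)
    return record["body"]


def audit(handler, users=("alice", "bob")):
    """Return (user, resume_id) pairs where a user read another user's record."""
    leaks = []
    for user in users:
        for resume_id, record in RESUMES.items():
            try:
                handler(user, resume_id)
            except (Forbidden, NotFound):
                continue
            if record["owner"] != user:
                leaks.append((user, resume_id))
    return leaks
```

Running `audit` over every object-returning handler in a test suite turns the ownership rule into a check that fails the build when a new endpoint skips it.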

Artificial Intelligence is good at breaking CAPTCHA codes, but I’m wondering, and even believe that this system might soon gain the ability to beat Google’s latest reCAPTCHA system, which is also powered by a sophisticated artificial intelligence system to defend websites against bots.
