#FactCheck - Viral Post of Gautam Adani’s Public Arrest Found to Be AI-Generated

Introduction 

In the interconnected world of social networking and the digital landscape, social media users have faced some issues like hacking. Hence there is a necessity to protect your personal information and data from scammers or hackers. In case your email or social media account gets hacked, there are mechanisms or steps you can utilise to recover your email or social media account. It is important to protect your email or social media accounts in order to protect your personal information and data on your account. It is always advisable to keep strong passwords to protect your account and enable two-factor authentication as an extra layer of protection. Hackers or bad actors can take control of your account, they can even change the linked mail ID or Mobile numbers to take full access to your account.

‍

Recent Incident

Recently, a US man's Facebook account was deleted or disabled by Facebook. He has sued Facebook and initiated a legal battle. He has contended that there was no violation of any terms and policy of the platform, and his account was disabled. In the first instance, he approached the platform. However, the platform neglected his issue then he filed a suit, where the court ordered Facebook's parent company, Meta, to pay $50,000 compensation, citing ignorance of the tech company. 

‍

Social media account recovery using the ‘Help’ Section

If your Facebook account has been disabled, when you log in to your account, you will see a text saying that your account is disabled. If you think that your account is disabled by mistake, in such a scenario, you can make a request to Facebook to ‘review’ its decision using the help centre section of the platform. To recover your social media account, you can go to the “Help” section of the platform where you can fix a login problem and also report any suspicious activity you have faced in your account. 

‍

Best practices to stay protected

1. Strong password: Use strong and unique passwords for your email and all social media accounts.
2. Privacy settings: You can utilise the privacy settings of the social media platform, where you can set privacy as to who can see your posts and who can see your contact information, and you can also keep your social media account private. You might have noticed a few accounts on which the user's name is unusual and isn’t one which you recognise. The account has few or no friends, posts, or visible account activity.
3. Avoid adding unknown users or strangers to your social networking accounts: Unknown users might be scammers who can steal your personal information from your social media profiles, and such bad actors can misuse that information to hack into your social media account. 
4. Report spam accounts or posts: If you encounter any spam post, spam account or inappropriate content, you can report such profile or post to the platform using the reporting centre. The platform will review the report and if it goes against the community guidelines or policy of the platform. Hence, recognise and report spam, inappropriate, and abusive content.
5. Be cautious of phishing scams: As a user, we encounter phishing emails or links, and phishing attacks can take place on social media as well. Hence, it is important that do not open any suspicious emails or links. On social media, ‘Quiz posts’ or ‘advertisement links’ may also contain phishing links, hence, do not open or click on such unauthenticated or suspicious links.

‍

Conclusion

We all use social media for connecting with people, sharing thoughts, and lots of other activities. For marketing or business, we use social media pages. Social media offers a convenient way to connect with a larger community. We also share our personal information on the platform. It becomes important to protect your personal information, your email and all your social media accounts from hackers or bad actors. Follow the best practices to stay safe, such as using strong passwords, two-factor authentication, etc. Hence contributing to keeping your social media accounts safe and secure.

‍

References:

• https://www.gpb.org/news/2023/07/11/facebook-wrongfully-deleted-his-account-he-sued-the-company-and-won
• https://consumer.ftc.gov/articles/how-recover-your-hacked-email-or-social-media-account

‍

Executive Summary:

CVE 2024-3094 is a backdoor vulnerability recently found in Kali Linux installations that happened between March 26th to 29th. This vulnerability was found in XZ package version 5.6.0 to 5.6.1. It could allow the malicious actor to compromise SSHD authentication, and grant unauthorized access to the entire system remotely. The users who have installed or updated Kali Linux during the said time are advised to update their system to safeguard against this vulnerability. 

The Dangerous Backdoor

The use of the malicious implant found in XZ Utils as a remote code execution tool makes it more dangerous, because of its ability to compromise the affected systems. Initially, researchers believed the vulnerability enabled an authentication bypass for the OpenSSH server (SSHD) process. However, further analysis revealed it is better characterized as a remote code execution (RCE) vulnerability.

The backdoor intercepts the RSA_public_decrypt function, verifies the host's signature using a fixed Ed448 key, and if successful, executes malicious code passed by the attacker via the system() function. This leaves no trace in SSHD logs and makes it difficult to detect the vulnerability. 

Impacted Linux Distributions

The compromised versions of XZ Utils have been found in the following Linux distributions released in March 2024:

• Kali Linux (between March 26 and March 29)
• openSUSE Tumbleweed and openSUSE MicroOS (March 7 to March 28)
• Fedora 41, Fedora Rawhide, and Fedora Linux 40 beta
• Debian (testing, unstable, and experimental distributions only)
• Arch Linux container images (February 29 to March 29)
• Meanwhile, distributions such as Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise, openSUSE Leap, and Debian Stable are not believed to be affected.

How Did This Happen?

The malicious code appears to have been inserted by taking advantage of a typical control transfer vulnerability. The original maintainer of the XZ Libs project on GitHub handed over control of the repository to an account that had been contributing to various data compression-related projects for several years. It was at this point that the backdoor was implanted in the project code.

Fortunately, the Potential Disaster Was Averted

As per Igor Kuznetsov, head of Kaspersky's Global Research and Analysis Team (GReAT), the vulnerability CVE-2024-3094 is considered as the largest scale attack that has happened in the Linux ecosystem history. Because it targeted the primary remote management tool for Linux servers on the internet which is  SSH servers.  

As this vulnerability was detected in the testing and rolling distributions in the short period of time, where the latest software packages are used. This results to the minimum damage to the linux users and so far no case of CVE-2024-3094 being actively exploited have been detected.

Staying Safe

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) advises that users who installed or updated the affected operating systems in March immediately roll back to XZ Utils 5.4.6 version and be on alert for any malicious activity. It is recommended to change the passwords in the case of a distribution where a weak version of XZ Utils has been installed. 

The Yara rule has been released to detect any infected systems by CVE-2024-3094 Vulnerability. 

Conclusion

The discovery of the XZ Utils backdoor provides a reminder to be vigilant in the open source software environment. This supply chain attack highlights the importance of strong security measures, elaborate code reviews, and regular distribution of security updates to provide shield against such vulnerabilities. Always staying informed and taking the necessary precautions, Linux users can mitigate the potential impact of this vulnerability to keep their systems safe.

References : 

• https://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.html 
• https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/ 
• https://www.kali.org/blog/about-the-xz-backdoor/ 
• https://www.kaspersky.com/blog/cve-2024-3094-vulnerability-backdoor/50873/ 
• https://www.rapid7.com/blog/post/2024/04/01/etr-backdoored-xz-utils-cve-2024-3094/ 

‍

Introduction

AI has penetrated most industries and telecom is no exception. According to a survey by Nvidia, enhancing customer experiences is the biggest AI opportunity for the telecom industry, with 35% of respondents identifying customer experiences as their key AI success story. Further, the study found nearly 90% of telecom companies use AI, with 48% in the piloting phase and 41% actively deploying AI. Most telecom service providers (53%) agree or strongly agree that adopting AI would provide a competitive advantage. AI in telecom is primed to be the next big thing and Google has not ignored this opportunity. It is reported that Google will soon add “AI Replies” to the phone app’s call screening feature. 

How Does The ‘AI Call Screener’ Work?

With the busy lives people lead nowadays, Google has created a helpful tool to answer the challenge of responding to calls amidst busy schedules. Google Pixel smartphones are now fitted with a new feature that deploys AI-powered calling tools that can help with call screening, note-making during an important call, filtering and declining spam, and most importantly ending the frustration of being on hold.  

In the official Google Phone app, users can respond to a caller through “new AI-powered smart replies”. While “contextual call screen replies” are already part of the app,  this new feature allows users to not have to pick up the call themselves. 

• With this new feature,  Google Assistant will be able to respond to the call with a customised audio response.
• The Google Assistant, responding to the call, will ask the caller’s name and the purpose of the call. If they are calling about an appointment, for instance, Google will show the user suggested responses specific to that call, such as ‘Confirm’ or ‘Cancel appointment’.

Google will build on the call-screening feature by using a “multi-step, multi-turn conversational AI” to suggest replies more appropriate to the nature of the call. Google’s Gemini Nano AI model is set to power this new feature and enable it to handle phone calls and messages even if the phone is locked and respond even when the caller is silent.

Benefits of AI-Powered Call Screening

This AI-powered call screening feature offers multiple benefits:

1. The AI feature will enhance user convenience by reducing the disruptions caused by spam calls. This will, in turn, increase productivity.
2. It will increase call privacy and security by filtering high-risk calls, thereby protecting users from attempts of fraud and cyber crimes such as phishing.  
3. The new feature can potentially increase efficiency in business communications by screening for important calls, delegating routine inquiries and optimising customer service. 

Key Policy Considerations

Adhering to transparent, ethical, and inclusive policies while anticipating regulatory changes can establish Google as a responsible innovator in AI call management. Some key considerations for AI Call Screener from a policy perspective are:

1. The AI screen caller will process and transcribe sensitive voice data, therefore, the data handling policies for such need to be transparent to reassure users of regulatory compliance with various laws. 
2. AI has been at a crossroads in its ethical use and mitigation of bias. It will require the algorithms to be designed to avoid bias and reflect inclusivity in its understanding of language. 
3. The data that the screener will be using is further complicated by global and regional regulations such as data privacy regulations like the GDPR, DPDP Act, CCPA etc., for consent to record or transcribe calls while focussing on user rights and regulations. 

Conclusion: A Balanced Approach to AI in Telecommunications

Google’s AI Call Screener offers a glimpse into the future of automated call management, reshaping customer service and telemarketing by streamlining interactions and reducing spam. As this technology evolves, businesses may adopt similar tools, balancing customer engagement with fewer unwanted calls. The AI-driven screening will also impact call centres, shifting roles toward complex, human-centred interactions while automation handles routine calls. They could have a potential effect on support and managerial roles. Ultimately, as AI call management grows, responsible design and transparency will be in demand to ensure a seamless, beneficial experience for all users.

References

• https://resources.nvidia.com/en-us-ai-in-telco/state-of-ai-in-telco-2024-report
• https://store.google.com/intl/en/ideas/articles/pixel-call-assist-phone-screen/ 
• https://www.thehindu.com/sci-tech/technology/google-working-on-ai-replies-for-call-screening-feature/article68844973.ece
• https://indianexpress.com/article/technology/artificial-intelligence/google-ai-replies-call-screening-9659612/ 

‍