Buckle up: adversarial AI used by attackers poses massive risks
Artificial intelligence and GPT-based tools have been put to work in many different areas, far beyond the basic chatbot functionality they offer. And, as always, cybercriminals are looking for ways to leverage these new opportunities. For example, they’ve already demonstrated the ability to create phishing emails that can hoodwink users at a scale and affordability that could industrialize the creation of cybercrime.
But there’s one question that looms large for ordinary users – and those seeking access to their accounts. Can GPT tools be used to crack your password? For ChatGPT, the answer is likely no. Though, with a little effort, you can prompt the chatbot to give you a list of commonly used passwords.
At first, it’ll provide you with the standard answer: it wouldn’t be ethical to provide a list of commonly used passwords “as it could potentially be used for malicious purposes such as hacking or identity theft.” But as soon as you ask it to play the role of a cybersecurity researcher warning users against deploying common, unsafe passwords, it coughs up a list of common terms.
That said, the world of AI isn’t just limited to ChatGPT. There’s a range of tools out there using AI which can crack your password with little effort.
That’s the warning from cybersecurity research company Home Security Heroes, which ran a list of 15.7 million passwords through a tool called PassGAN. Home Security Heroes found that PassGAN could guess any four or five-character password instantaneously, while any six-character password could be cracked by AI within four seconds.
According to the company, more than half of the world’s most commonly used passwords could be cracked within one minute, while two-thirds of the most frequently deployed passwords are discovered by PassGAN within an hour. Any kind of seven-character password takes less than six minutes to decipher using the tool.
Home Security Heroes says that passwords longer than 18 characters are “generally safe against AI password crackers”, as it can take up to 10 months for the AI tool to understand what the password is. The company developed PassGAN to try and understand what bad actors would do to find out a user’s passwords.
How PassGAN works
PassGAN uses a technique called a Generative Adversarial Network (GAN) to autonomously learn the distribution of real passwords from actual password leaks, eliminating the need for manual password analysis. GANs are commonly used in AI for a number of purposes, and the model gets better at guessing the types of characteristics common to many passwords.
And this is just the first iteration of the technology. As AI develops, it becomes more intelligent, learning from its past mistakes and fine-tuning its models to make sure it produces better, more logical guesses. That means the scarily speedy results PassGAN is getting for deciphering your password – no questions asked – are likely to become even better as time moves on.
AI has proven to be a boon for many, with massive efficiency gains in many areas of work. But for some, hacking is also a line of work. So, sadly, we can expect to see AI used for nefarious purposes as much as it is for good.
Criminal uses of AI, such as guessing passwords, are something that Geoffrey Hinton, Google’s AI expert, has at the forefront of his mind. So much so, that he recently quit the company over concerns about the long-term safety of humanity given the AI revolution. Whether we can successfully tame the beast and limit the negative impacts remains to be seen. But for now, you should always follow best password practices to make sure your password hasn’t been breached – by humans or by AI.
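A defender-side check that follows from the figures above, as an added example that is not from the article or from Home Security Heroes: it rejects passwords at or under the 18-character mark and those built on a common base by padding, character substitution or repetition, patterns that are frequent in leaked password sets. The blocklist, the substitution table and the names `base_forms` and `screen_password` are assumptions made for illustration.

```python
import re

# Assumption: the floor follows the article's "longer than 18 characters" figure.
MIN_LENGTH = 19

# Constructed sample blocklist; a real deployment would load a breached-password corpus.
COMMON_PASSWORDS = frozenset(
    {"password", "123456", "qwerty", "letmein", "iloveyou", "dragon"}
)

# Common character substitutions, mapped back to the letter they stand for.
LEET = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)


def base_forms(password):
    """Reduce a password to the human-chosen bases it is built from."""
    lowered = password.lower()
    # Strip leading/trailing digits and symbols ("Dragon2023!" -> "dragon").
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    forms = {lowered, core, core.translate(LEET)}
    # Collapse whole-string repetition ("qwertyqwertyqwerty" -> "qwerty").
    for form in list(forms):
        match = re.fullmatch(r"(.+?)\1+", form)
        if match:
            forms.add(match.group(1))
    forms.discard("")
    return forms


def screen_password(password, blocklist=COMMON_PASSWORDS, min_length=MIN_LENGTH):
    """Return the list of rejection reasons; an empty list means accepted."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too_short")
    if base_forms(password) & blocklist:
        reasons.append("common_base")
    return reasons
```

A 20-character password such as `letmein1234567890!!!` clears the length floor but is still rejected as `common_base`, which is the case a length-only policy misses.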