< Previousopinion 40 edge_april 2024 I magine you are a finance worker innocently going about your day when you are summoned to a video-conferencing call. Amid a sea of faces you recognise is your boss, the CFO, who tells you to remit tens of millions of dollars to a third party. Would you do it? Many would. Could you then imagine how you would feel if you discovered everyone on the call was in fact not on the call? Would you panic? Many would. This is not a work of fiction. No imagination required. This really happened, in February, in Hong Kong. While neither the name of the finance worker nor that of the company were disclosed, we know the sum was more than $25 million. A real-life human-being witnessed a panel of their colleagues, including the CFO, on a conference call in which everyone except the victim was a deepfake. “Deepfake” is a word that sends chills up and down the spines of security experts around the globe. Here in the GCC, business leaders are already aware that because of the advent of generative AI (GenAI), deepfakes are more of a problem than ever. Before ChatGPT, Bing Copilot, et al arrived, bad actors were already using deepfakes in the region. By Michael Byrnes Director – Solutions Engineering, META, BeyondTrust 6 anti-deepfake strategies to help GCC security leaders From zero trust to building in multi-factor authentication systems, here are key tips or strategies for organisations to be secure in this AI-first world CYBERSECURITY In 2020, a UAE-based bank manager transferred $35 million at the behest of faked audio that simulated the voice of the company director. When new identities can be created out of thin air, and when established ones can be convincingly copied, we need a strategy. Or perhaps six strategies, such as those listed here. 1. Zero trust Never has zero-trust security been more relevant than right now. It is the perfect fit for identity-based attacks. Continuous, contextual authentication should be combined with the enforcement of least-privilege principles. When it comes to conference calls, strong authentication methods and standardisation of tools are absolute musts. 2. Pen testing There is no reason why deepfakes should be exempt from standard security readiness drills. Ethical hackers can use deepfake technology in their penetration tests and report on vulnerabilities just as they would any other vector, as long as such probing stays within legal and ethical bounds and conforms to risk requirements. Additional security and policy controls can then emerge as remedies to deepfake vulnerabilities. 3. Awareness Ongoing employee training is our greatest weapon against the deepfake. Sources such as the World Economic Forum (WEF) and IBM Security Services have been warning us for years that we humans are the weakest link. Both these entities have at one time estimated that 95 per cent of cyber incidents can be traced back to human error. Deepfake vulnerabilities are intrinsically human, so educating people about them is a crucial part of any effective defense. Again, when it comes to testing whether such knowledge has stuck, unannounced phishing-simulation drills are extremely useful. As part of the revamped training program, staff must be introduced to new, tighter policies. They should be instructed on how these procedures fit into their daily schedules and how they strengthen security. Deepfake vulnerabilities are intrinsically humanedge_april 2024 41 4. Multi-factor authentication (MFA) MFA can act as a stalwart layer of protection, especially when used in conjunction with conditional-access policies that look for the right device in the right location when users attempt to execute privileged actions such as take part in conference calls. Take care to implement phishing-resistant MFA (FIDO2, for example) to protect against MFA-fatigue attacks. 5. Privileged access management (PAM) PAM is an important building block in zero- trust identity security. Privileged access must be protected if we are to guard the precious systems and resources that our most trusted executives oversee. Today’s cloud accounts and machine identities obscure the line between privileged and non-privileged. We must redraw that line to prevent lateral movement and the dropping of damaging payloads. Privileged-access security tools are fit for this purpose. They help security teams discover privileged roles and watch over their associated accounts. The tools can enforce least privilege, where access is limited to the level and duration required (and no more) for a task to be completed. PAM solutions are also good at adapting to changes in the risk landscape and instantaneously adjusting least-privilege parameters to fit new requirements. 6. Identity threat detection and response (ITDR) Our greatest fear about GenAI is not that it makes deepfakes viable. Deepfakes have been around for years. Our current fear is more about how AI-driven content creation can enhance deepfakes, eliminating the off-kilter lip syncing, facial expressions, body movements, lighting, coloring, and speech patterns that made trickery detectable by the naked human eye. As these “improvements” occur, identity threat detection and response (ITDR) can help. ITDR mitigates threats in real-time by using a fluid risk baseline that changes with context. ITDR is also capable of taking automatic action, up to and including shutdown of access. What next? The recent Hong Kong deepfake should be (another) wakeup call for more preventative action. The GCC is not immune. To the contrary, economic success is a magnet to cybercriminals who see the potential for bigger paydays. That is why it is crucial that regional organisations look to their environments and their people for signs of vulnerability. They must introduce zero trust methodologies, PAM, ITDR, cloud infrastructure entitlements management (CIEM), and more to protect against this latest threat. It seems as if the goal posts are forever changing in risk management and cybersecurity. Cleverer authentication methods just beget cleverer attack methods. In this arms race, it might appear that the duplication of our very digital presence is a nuclear apex. But now that we have presented you with the countermeasures, you can face down the face-stealers and feel safe once more. opinion42 edge_april 2024 tech tips A guide to protect yourself from phishing scams Top tips to safeguard yourself against scamsters CRYPTOCURRENCY By Sindhu V Kashyap I n today’s digital age, scams and fraudulent activities have become increasingly sophisticated, posing significant risks to individuals’ financial security and personal well- being. Whether it’s phishing emails, fake websites, or social engineering tactics, scammers employ various methods to deceive unsuspecting victims. Therefore, it’s crucial to arm yourself with knowledge and take proactive steps to safeguard against these threats. Here are a few strategies to protect yourself from scams, with growing kinds of romance based scams and approval phishing scams. Akin to many other fraudulent schemes, these scams prey on individuals’ trust and exploit their vulnerabilities for financial gain. As the prevalence of online scams continues to rise, it’s crucial for individuals to educate themselves on how to identify and protect against such deceitful practices. To effectively protect oneself against these scams, it’s imperative to comprehend the modus operandi of these fraudulent actors. Scammers employ various tactics to manipulate and deceive their victims, exploiting their trust and financial vulnerabilities. Awareness, scepticism, and critical thinking are edge_april 2024 43 tech tips essential tools in combating financial fraud and safeguarding personal and financial security in the digital age. Here’s a comprehensive guide with all the details on how one can shield themselves from these scams: 1. Terminate all communication with the scammer: The first step in protecting yourself is to break off all contact with the scammer immediately. Since most of these scams with a wrong number text or email, and then are cultivated to build trust, stop all communication through text, social media, apps, and email without offering any explanation or farewell. This prevents further manipulation and reduces the risk of coercion. 2. Block and report the scammer’s account: Take action to prevent the scammer from targeting others by blocking and reporting their profile on all relevant platforms. Scammers often operate through multiple accounts, so it’s essential to report each suspicious profile to the platform administrators. 3. Update passwords and login credentials: Strengthen the security of your online accounts by changing passwords and access codes regularly, particularly for financial platforms and cryptocurrency accounts. Utilise strong, unique passwords that are difficult to guess or hack. 4. File a police report: Contact your local law enforcement agency to file a formal complaint and provide comprehensive details of the fraud. 5. Monitor your online and financial accounts: Stay vigilant by regularly monitoring your credit reports, bank accounts, and credit card statements for any suspicious or unauthorised transactions. Promptly report any discrepancies or fraudulent activities to your financial institution. 6. Educate yourself about common scam tactics: Familiarise yourself with typical scam methods such as phishing emails, fake websites, and social engineering techniques. Awareness is key to recognising and avoiding fraudulent schemes. 7. Exercise caution with unsolicited offers or requests: Be wary of unexpected messages or requests for personal information, especially from unknown sources. Verify the legitimacy of the sender before disclosing any sensitive details. 8. Trust your instincts: If something seems too good to be true or raises suspicions, trust your instincts and refrain from engaging further. Listen to your gut feelings and avoid transactions or activities that make you uncomfortable. 9. Share your experience and raise awareness: Inform friends, family, and colleagues about your encounter with the scam to raise awareness and prevent others from falling victim. Encourage them to remain vigilant and report suspicious activities promptly. 10. Seek support from consumer protection agencies: Reach out to consumer protection agencies or organisations specialising in fraud prevention for guidance and assistance. These agencies may offer resources, counselling, and legal support to victims of fraud. 11. Opt for secure payment methods: When conducting online transactions, choose secure payment methods that offer buyer protection, such as credit cards or reputable third-party payment platforms. Avoid using irreversible payment methods like wire transfers or cryptocurrency. By taking decisive action and following these proactive measures, individuals can safeguard themselves against the perils of these scams and mitigate the potential consequences of falling victim to fraudulent schemes. Vigilance, awareness, and swift response are key to protecting personal and financial security in the digital age. Awareness, scepticism is the key to protection Fake emails, common scam tactics used by bad actors44 edge_april 2024 MOTOROLA: Smart Connect Motorola’s presence at the Mobile World Congress (MWC) 2024 in Barcelona, Spain, was marked by the unveiling of innovative gadgets, among them the remarkable Smart Connect - a phone that bends. This revolutionary device introduces a novel form factor, enabling it to rest in an arch on a table, facilitating shared viewing experiences for at least two individuals seated across from each other. Moreover, the Smart Connect boasts a magnetic band attachment, allowing users to effortlessly wrap the device around their wrists. Upon doing so, the interface seamlessly adapts, displaying pertinent information on the upper portion of the screen. Motorola also announced the introduction of Motorola Smart Connect, a ground- breaking software feature developed in collaboration with Lenovo’s Smart Connect. This software represents an evolution of the Ready for Platform, enabling wireless connections between Motorola phones and nearby displays for app streaming and file sharing. Notably, these features are expanding to Windows laptops through the Microsoft Store, enhancing cross-device connectivity and functionality.edge_april 2024 45 gadget watch Not to be outdone, Lenovo showcased its own ground-breaking creation at MWC - the transparent laptop, codenamed Project Crystal. While the launch timeline for this product remains uncertain, its futuristic design captivates the imagination. Project Crystal’s Micro-LED transparent screen LENOVO: Project Crystal Among the array of futuristic devices unveiled at MWC was the Humane AI pin, a wearable smart device designed to be affixed to clothing. This innovative pin responds to voice commands, facilitates calls, answers inquiries, captures photos, and performs a myriad of other functions. Featuring a Laser Ink Display capable of projecting onto one’s hand, effectively transforming the palm into a functional screen, the Humane AI Pin aims to supplant conventional smartphones. Positioned as an indispensable AI-powered accessory, it endeavours to streamline users’ daily technological interactions. Priced starting at $700, the device is available for pre-order until March 31st, with a complimentary three- month Humane subscription included. HUMANE: AI Pin offers unparalleled transparency, granting users the ability to view other applications concurrently, owing to its remarkably bright display. Currently, Lenovo is actively working to refine the screen’s transmissiveness to incorporate an opaque quality, ensuring user privacy and versatility.46 edge_april 2024 ZTE: Nubia Glasses-Free 3D ZTE made waves with the release of its Nubia Pad 3D II, a revolutionary tablet offering glasses-free 3D viewing experiences. Leveraging eye-tracking technology, the tablet delivers distinct images to each eye, creating a captivating 3D effect without the need for specialised eyewear. Boasting 5G connectivity and dual rear cameras for 3D imaging and video capture, this generation of the tablet also features an AI capability capable of converting 2D content into 3D. Pricing details for this innovative tablet are yet to be disclosed. Additionally, Nubia introduced a foldable flip phone, combining a spacious 6.9-inch 120Hz display with a compact, pocket-friendly form factor. Noteworthy features include a unique circular screen on the front and a 50-MP AI dual camera system, enhancing the selfie-taking experience. With a Snapdragon 7 Gen processor and a budget-friendly price tag of $599, the foldable flip phone presents an enticing proposition for tech enthusiasts. gadget watch SAMSUNG: Galaxy Book 4 Following its initial launch as a South Korea exclusive, Samsung’s Galaxy Book 4 series is now making its debut in select global markets. Representing the pinnacle of Samsung’s PC innovation, the Galaxy Book 4 series features top- of-the-line Intel Ultra chips, Microsoft’s Co-pilot AI assistant, and a generously-sized trackpad, enhancing user navigation on its impressive 120Hz AMOLED touchscreen. Pricing for the Galaxy Book 4 series starts at $1,099 for the base 360 model, with higher-tier configurations commanding higher price points. Samsung also offers up to $800 in trade-in value for laptops, phones, or tablets when purchasing a Galaxy Book 4 through its website by April 1.edge_april 2024 47 gadget watch HONOR: Pad9 The Honor Pad 9 emerges as a formidable competitor to Apple’s iPads in the Android tablet arena. Characterised by its sleek design, stunning 12.1-inch 2.5K display, and extended battery life, the Honor Pad 9 embodies the essence of the iPad experience on an Android platform. Powered by Honor’s proprietary MagicOS on Android 13 and equipped with a Snapdragon 6 Gen 1 chipset, the tablet offers a seamless user experience with the versatility of Android’s latest operating system. With a price point of £349.99, the Honor Pad 9 presents a compelling value proposition, offering comparable features to the iPad 10th Gen at a significantly lower cost. By unveiling these ground-breaking devices, manufacturers have not only showcased their technological prowess but also offered glimpses into the future of consumer electronics. As these innovations continue to evolve, they promise to redefine the way we interact with and perceive technology in our daily lives.review 48 edge_april 2024 Unwrapping Amazon’s new Echo Hub By Sindhu V Kashyap CONTROL PANEL BySindhuVKashyap Your gateway to smarter and simpler living review edge_april 2024 49 U pon initial examination, the Amazon Echo Hub might be mistaken for a pricier gadget, resembling a flattened smart display with audio capabilities hovering around the average mark. Priced at $179.99, it appears to mirror the Echo Show 8 ($149.99) in a more compact form, featuring smaller speakers and devoid of a camera. Yet, beneath its surface, the Echo Hub reveals itself as a sophisticated, wall-mountable device meticulously designed to serve as the quintessential smart home control centre. In terms of value, the Echo Hub outshines competitors like the Brilliant Control ($399), offering comparable functionalities at a fraction of the cost. While the Echo Show 8 remains our preferred choice for smart displays owing to its superior media capabilities, the Echo Hub distinguishes itself with its exceptional smart home management, particularly appealing to users who favour screen-based control over voice commands. Design: Crafted with versatility in mind Measuring a mere 5.4 by 7.9 by 0.6 inches (HWD), the Echo Hub boasts a slim profile, making it one of the most compact Echo smart displays available. While designed with wall mounting in mind, it also offers the flexibility of a table stand as an optional accessory. Its 8-inch screen, adorned with a slim white bezel, is complemented by strategically positioned microphones and sensors, ensuring optimal functionality. The device features a USB-C port for power, with provisions for power-over-Ethernet (PoE) connectivity, enhancing its adaptability to diverse home environments. Setup and software: Intuitive interface Setting up the Echo Hub mirrors the streamlined process of other Echo devices. Upon connecting to the home network, users can personalise settings and preferences through the Alexa mobile app. The Hub’s touch-optimised interface is tailored for smart home control, seamlessly integrating with a myriad of compatible devices. While lacking the entertainment prowess of its counterparts, the Echo Hub excels in its primary role as a smart home hub, offering intuitive touch controls for managing devices across different rooms. Media performance: Functionality meets finesse Although capable of playing audio and video content, the Echo Hub prioritises functionality over finesse. While the screen can display vibrant visuals, its audio capabilities may leave audiophiles wanting more, lacking the depth and clarity found in dedicated audio devices. Despite its limitations, the Echo Hub serves as a conduit for accessing information, managing reminders, and facilitating voice calls, albeit without video call support due to the absence of a camera. Smart home performance: Seamless integration The Echo Hub seamlessly integrates with a diverse array of smart home devices, offering intuitive control options via voice commands or touch gestures. With improved response times and enhanced natural language processing, Alexa on the Echo Hub provides a user-friendly experience for managing connected devices. Although occasional hiccups may occur, such as accessing camera feeds, the Echo Hub generally performs reliably in controlling smart home devices and accessing relevant information. Verdict: A superb smart home control panel In conclusion, the Amazon Echo Hub emerges as a stellar choice for those seeking a comprehensive smart home control centre. While its audio and video playback features may not rival those of dedicated media devices, its emphasis on smart home management makes it a compelling investment for individuals looking to streamline their home automation experience. With its sleek design and comprehensive capabilities, the Echo Hub represents a worthwhile addition to any modern smart home setup. reviewNext >