Search This Blog

Showing posts with label Amazon. Show all posts

Amazon, Sony, Xiaomi, Samsung Devices Hacked at Pwn2Own Hacking Contest at Tokyo


In a hacking contest held at Tokyo, a duo of white-hat hackers known as Fluoroacetate breached pass devices of some of the most popular tech companies namely Amazon, Samsung, Sony, Xiaomi and others. On the first day itself, the team won prize money of $145,000 (around 1.02 crore) and 15 Master of Pwn points which secured them a dominant lead ahead of others in the competition. The contestants receive a bounty for each successful breach and points that add on to the total ranking. However, the overall winner obtains the grand title 'Master of Pwn'.

The leading team, Fluoroacetate which comprises Hacker Amat Cama and Richard Zhu, amassed a lot of success early on as they managed to bypass five devices. Making history, the duo cracked down Sony X800G, first-ever Television exploited in the contesting history of Pwn2Own. Moving onto their next targets, Amazon Echo Show and Samsung Q60 television, the hackers employed an integer overflow in JavaScript to compromise both the devices. While hacking Xiaomi Mi 9, the duo used a JavaScript exploit to extract a picture from the smartphone. Next up on their list was Samsung Galaxy S10, which the remarkable duo slashed down by pushing a file on the phone via a stock overflow. The last contributor for the team's winning streak was Netgear Nighthawk Smart Wi-Fi Router R6700 (LAN interface).

Points and bounty distribution 

Team Fluoroacetate piled up a total bounty of $145,000 and 15 Master of Pwn points at the end of the first day at Pwn2Own, in the following order.

Sony X800G smart TV: $15,000 and 2 Master of Pwn points.
Amazon Echo Show 5: $60,000 and 6 Master of Pwn points.
Samsung Q60 smart TV: $15,000 and 2 Master of Pwn points.
Xiaomi Mi9 smartphone: $20,000 and 2 Master of Pwn points.
Samsung Galaxy S10: $30,000 and 3 Master of Pwn points.

Pwn2Own is the top computer hacking contest that was first conducted in 2007 with the purpose of demonstrating the security flaws present in widely used software and devices. The hackers gather at the contest to demonstrate vulnerabilities for a pre-set list of software and devices, to earn points on successful discoveries the hackers must ensure that all the exploits put forth at the contest are new. After the contest, the event organizers take charge of all the bugs and vulnerabilities discovered throughout the competition and subsequently hand them over to the respective companies.

After the final day of the tournament, Fluoroacetate, accumulating total prize money of $195,000, 18.5 Master of Pwn points along with a shining trophy and other goodies, has emerged victorious and as the rightful owner of the title 'Master of Pwn'. Notably, the team's most striking accomplishment has to be the bypassing of Samsung Galaxy S10 that won the duo a whopping sum of $50,000 and 5 valuable Master of Pwn points.

Researchers Found a Way to Take over Google Home, Amazon’s Alexa or Apple’s Siri Devices through Laser Pointers


Researchers in Japan and at the University of Michigan recently said that they had figured out how to take control over Google Home, Amazon's Alexa or Apple's Siri devices from several feet away by shining laser pointers, and even flashlights, at the devices' mouthpieces.

What brought this one was the ascent of the voice-controlled digital assistants, introduced a couple of years back and the security experts have expressed their worries that systems like Apple's Siri and Amazon's Alexa were a privacy danger and could be effectively and easily hacked.

Kevin Fu, an associate professor of electrical engineering and computer science at the University of Michigan with respect to the usage of laser pointers said that “This opens up an entirely new class of vulnerabilities, it’s difficult to know how many products are affected because this is so basic.”

The computer science and electrical engineering researchers — Takeshi Sugawara at the College of Electro-Interchanges in Japan and Mr. Fu, Daniel Genkin, Sara Rampazzi, and Benjamin Cyr at the College of Michigan — all of them released their findings regarding the same issue in a paper on the 4th of November.

The researchers said they had informed Tesla, Portage, Amazon, Apple, and Google to the light vulnerability and the companies all responded saying that they were 'studying' the conclusions in the paper that was released.

Despite the fact that there is no clear indication that the light vulnerability defined on the 4th has been utilized by hackers, however, with a torrent of internet-connected devices rising in the market, the researchers said the revelation was a reminder to the consumers to be on the lookout in areas concerning security in the coming future.

Israeli spyware firm NSO can mine data from social media accounts









An Israeli spyware firm has claimed that they can scoop  user data from the world’s top social media, the Financial Times report. 

The powerful malware Pegasus from NSO Group is the same spyware that breached WhatsApp data earlier this year. 

The firm said that this time their malware can scrap data from the servers of Apple, Google, Amazon, Facebook, and Microsoft. 

According to the reports of the Times, the NSO group had “told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft, according to people familiar with its sales pitch”.

However, the companies spokesperson denied the allegation in a in written statement to AFP’s request for comment. 
“There is a fundamental misunderstanding of NSO, its services and technology,” it said.

“NSO’s products do not provide the type of collection capabilities and access to cloud applications, services, or infrastructure as listed and suggested in today’s FT article.”

In the mean time, Amazon and Google told AFP that they have started an investigation on the basis of report, but so far found no evidence that the software had breached their systems or customer accounts.




Amazon Prime Day A Cyber Attack Target?




Researchers discover that the upcoming Amazon Prime Day sale is said to bring about hackers setting up a variety of Prime Day-related tricks intended to fool users into giving up their sensitive data.

Utilizing an 'Amazon Phishing Kit' the hackers can ship out malignant emails that have all the earmarks of being sent from Amazon, consisting of links that direct the victims to a fake Amazon login page.

As reported by Wired, shopping occasions like Prime Day stand for an easy-to-access opportunity for scamsters hoping to hoodwink victims into forking over their own information.

Crane Hassold, threat intelligence manager at the digital fraud defense firm Agari told Wired, 'Cybercriminals take advantage of popular, highly visible events when consumers are expecting an increased frequency of emails, when their malicious emails can hide more easily in the clutter,'

As indicated by security researchers from McAfee, scammers can make an email that seems like it's originating from a real organization, while utilizing a pack called 16Shop.

The biggest risk for the users is their credit card information, birthdays, addresses, and even social security numbers. The kit was initially intended to target Apple users, however as indicated by researchers, Prime Day appears, by all accounts, to be hackers' current target.

To avoid from being misled, analysts suggest investigating emails sent by Amazon with additional thoroughness and ceasing from following links to enter login data sent through email.

Just making a decision about an email by whether the address it's sent from is never again adequate state security analysts, since even emails can be faked. Instead, it's ideal to go legitimately to an organization's page by entering a URL into your address bar and afterward continue from that point.

Amazon Prime Day takes will take place on July 15 and 16.

More than 17,000 Domains Affected with Code which Steals Card Data



Cybercriminals running Magecart operations have added payment card skimming code to more than 17,000 domains with JavaScript files in misconfigured Amazon S3 buckets.

Cybercriminals exploited the lack of access control in Amazon's cloud storage services and affected over 17,000 domains via automated attacks which reconstructed JavaScript code randomly, without monitoring if the code could load a payment page.

The exploit came as a part of Megacart operations, originated in the month of April; attackers injected payment card skimming code to a high number of domains with JavaScript files in poorly configured Amazon S3 buckets which granted writing permissions to the person finding them.

According to the security researchers at RiskIQ, the discovery of these S3 buckets had been automated by the authors of the campaign.

Referencing from the findings made by Yonathan Klijnsma, RiskIQ's head of threat research, "Once the attackers find a misconfigured bucket, they scan it for any JavaScript file (ending in .js). They then download these JavaScript files, append their skimming code to the bottom, and overwrite the script on the bucket."

"Even if your bucket has information that anyone can access, it does not mean everyone should be able to modify the content," he added.

The fact that a large number of websites employing Amazon's cloud storage services fell short in fortifying access to the corresponding assets played a major role for Magecart campaign in realizing its malicious objectives.

Google’s Language Experts Listen to Users’ Private Recordings





The technology superpower Google recently avowed that its employees listen to customers' personal audio recordings on Google Home smart speakers.


For allegedly improving the voice recognition quality, language experts analyze "snippets" of users' recordings.


Those recordings are used to further develop the Google assistant's artificial intelligence system which is used in the Android phones and Google Home smart speakers.


According to sources the company is a statement cited their experts did transcribe a few of the anonymous recordings.


An investigation had been launched after it was found out that some Dutch audio data had been leaked.


Per sources the technology giant also said that in the process of developing technology of its AI products, transcribing a small set of queries is critical for which they collaborate with language experts around the world.


And it was one of these reviewers who allegedly leaked the Dutch audio data hence violating Google's security policies.


Actually, only 0.2% of all audio snippets are reviewed by the language experts, which especially are never associated with user accounts.



The investigation launched by the Security and Privacy Response teams is Soon to reach some result and all possible actions are being taken to deduct all chances of repetition.


Amazon also indulges in similar actions of listening to recordings of customers in relation with Alexa, its voice based assistant, mentioned a report.


Later Amazon admitted to the process and mentioned that the number of recordings was pretty small and imperative to train AI's responses.


There's a special provision for users though. They can always delete their recordings linked to their account by way of the Alexa Companion App.


Amazon Sued Over Illegal Retention of Child Recordings Through Alexa



Amazon is being sued by a Massachusetts woman for unlawfully recording and storing the voices of children with its Alexa-enabled devices; the lawsuit filed in Seattle this week, claims that Amazon is contributing to a massive database by harnessing private details of millions of Americans via voice recordings.
Children, as a matter of fact, don’t fully understand the “potentially invasive uses of big data by a company the size of Amazon” and they “use Alexa without any understanding or warning that Amazon is recording and voice-printing them”, according to the lawsuit.
Criticizing Amazon’s methodologies, the two law firms, Quinn Emanuel Urquhart & Sullivan and Keller Lenkner alleged that the company decides to retain the actual voice recordings in spite of having an option to encrypt user voices. According to the complaint filed by these firms on behalf of an anonymous minor, Amazon stores the voices to examine it in the future and deploy the same for commercial profit.
Referencing from the Lawsuit, “It takes no great leap of imagination to be concerned that Amazon is developing voiceprints for millions of children that could allow the company (and potentially governments) to track a child’s use of Alexa-enabled devices in multiple locations and match those uses with a vast level of detail about the child’s life, ranging from private questions they have asked Alexa to the products they have used in their home,
The company is “allowing workers around the world to listen to the voice recordings and creating voiceprints of the users, which can be used to identify them when they speak to other devices in other locations,” the lawsuit reads.
Referenced from the statements given by a spokeswoman to BBC, “Amazon has a longstanding commitment to preserving the trust of our customers and their families, and we have strict measures and protocols in place to protect their security and privacy.”
Commenting on the matter during his conversation with Yahoo Finance,” Travis Lenkner, one of the plaintiffs’ attorneys, said,
“The legal theory is very straightforward. These kids themselves never consented, if they even could. No one such as a parent ever consented on their behalf,”
“Amazon purports to obtain consent to record individuals who set up an Alexa-enabled device,” the complaint states. “But there is a large group of individuals who do not consent to be recorded when using an Alexa-enabled device and who use Alexa without any understanding or warning that Amazon is recording and voice printing them: children.”
“Every recording that is made of a child, by Amazon through the Alexa software in one of these nine states is ... a per se violation of the privacy laws of those states and carries statutory penalties along with it,”
Delving further into the matter, Lenkar explains “It builds voiceprints of individual users”, “so if a child uses an Alexa device in California, and then uses another one in Washington, Amazon theoretically knows it’s the same person.” The device creates a unique identity for each person based on their voice.”
The fact that Amazon could potentially overwrite the voice recordings and yet chose not to, given that doing so would not hinder the performance of the assistant, further worsens the matter on which the company is expected to provide answers in greater detail very soon.




Amazon granted patent for Bitcoin-style system

Cryptocurrency rumor mongers are likely to be dancing today as Amazon has successfully filed a patent for a Bitcoin-styled Proof-of-Work system. But don’t get ahead of yourself, it doesn’t look like the Seattle-based ecommerce giant will be accepting Bitcoin for payments.

Despite first being filed in December 2016, Amazon’s patent application was granted earlier this week and appears to outline a system that uses Proof-of-Work to prevent distributed denial-of-service (DDoS) attacks.

“One way to mitigate against such attacks is to configure a service such that requests to the service incur some sort of expense, thereby providing a disincentive to participating in the attack,” the application reads.

Planting a Merkle Tree

Amazon proposes to use Merkle Trees to present a Proof-of-Work challenge and make it too costly for a series of computers to perform a DDoS attack.

But what’s a Merkle Tree? In short, Merkle Trees are cryptographic tools where blocks of data are manipulated to give them a unique identifier also known as a hash.

These hashes are then manipulated again to create a parent hash. Parent hashes are always a combination of two or more child hashes. It’s layers on layers of hashed data.

Since computing power is required to build a Merkle Tree, performing such hashes could get very costly in terms of time, electricity, and resources. In turn, this makes DDoS attacks economically unfeasible.

In the case of Amazon’s patent, imagine having to construct a Merkle Tree before you’re allowed to access a website hosted on one of its servers. To an individual the cost might be insignificant, but to an organization trying to carry out a DDoS attack – which might involve many hundreds of computers – it could become prohibitively expensive.

Merkle Trees are also used in Proof-of-Work blockchains like Bitcoin as part of its consensus mechanism. But for now that’s as close as Amazon will get to Bitcoin.

Amazon's Alexa storing all the voice recordings





Amazon’s Alexa may delete your voice recordings but it keeps the automatically produced transcripts in the company's cloud, according to reports.

According to CNET report, all the voice commands said to the virtual assistant should be deleted from the server, but the company saves all the text logs. 

The company stores all its data on its cloud servers, which could not be deleted by the users. Meanwhile, the company claims that they are working to make the data inaccessible. 

"When a customer deletes a voice recording, we also delete the corresponding text transcript associated with their account from our main Alexa systems and many subsystems, and have work underway to delete it from remaining subsystems," an Amazon spokesperson said in an email.

After revelation of the report, more than a dozen consumer advocacy groups plan to file a complaint against the company with the Federal Trade Commission.

The company is violating federal laws as they are not seeking parental consent before collecting data on children through Echo devices. 

Amazon Hit by an “Extensive” Fraud; Reveals That Unidentified Hackers Were Able To Siphon Funds from Merchant Accounts




Amazon.com Inc. reveals that unidentified hackers were able to siphon assets from merchant’s accounts for over six months just the last year from the MNC.

The company believes that it was hit by quite an extensive fraud attack, this serious  attack which occurred between May 2018 and October 2018, had the attackers break into around 100 seller accounts and channel money from either loans or sales into their own respective bank accounts, as indicated by a U.K. legal document.

A redacted filing has been made by Amazon's legal advisors from November which was now made public.

While the MNC was still "investigating the compromised accounts" and trusted that hackers figured out how to change subtleties of the accounts on the Seller Central Platform to their very own at Barclays Plc and Prepay Technologies Ltd., which is mostly claimed by MasterCard Inc., as indicated by the filing. Amazon found that the accounts were likely undermined by phishing strategies that fooled the sellers into surrendering the confidential login data.

Since the attorneys for Amazon have asked a London judge to favour pursuits of account statements at Barclays and Prepay, which "have become innocently mixed up in the wrongdoing," the case is progressively being featured as the one where the world's greatest online retail platform is being abused and how troublesome it is for Amazon to locate the real culprits.

While Barclays declined to remark explicitly on the case and delegates for Prepay didn't return emails looking for their comments for the same. Amazon expressed its requirement for the documents “to investigate the fraud, identify and pursue the wrongdoers, locate the whereabouts of misappropriated funds, bring the fraud to an end and deter future wrongdoing," the company's legal counsellors said in the court filing.

The first fraudulent transfer is said to have been occurred on May 16, as indicated by the filing and Amazon said Tuesday that it issued more than $1 billion in loans to merchants in 2018.

Regardless it's unclear how much the hackers stole.

Hundreds of millions of Facebook users data exposed on Amazon cloud servers




Security researchers have found a large data trove exposed  to public on Amazon's cloud computing servers.

The security experts at a cybersecurity firm, UpGuard found two separate sets of Facebook user data on public Amazon cloud servers, the firm wrote a detail blogpost. 

One of the dataset that was exposed belonged to the Mexican media company Cultura Colectiva, which contained more than 540m records, including likes, comments, reactions, Facebook IDs, account names, etc. While, the other set belonged to a defunct Facebook app named ‘At the Pool’, which was significantly smaller, but contained plaintext passwords for 22,000 users.

‘’The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each. What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third party developers,’’ the blogpost.

‘’Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak,’’ it further added.

However, Facebook has launched an investigation into the matter, but they do not the nature of the data, how it was collected or why it was stored on public servers. The company said it will inform users once they will find evidence that the data was misused.



Saudi Arabia behind Jeff Bezos' phone hack




The investigators of Amazon chief’s release of intimate images believes that Saudi Arabian authorities were behind it.

According to the security officer of Amazon boss Jeff Bezos 
the Saudi Arabian authorities hacked into his phone, and obtained private data from it. 

Gavin De Becker, a longtime security consultant, launched the investigation after the National Enquirer published intimate texts between Bezos and his mistress, a television anchor Lauren Sanchez.

Last month, Bezos accused the newspaper’s owner of trying to blackmail him with the threat of publishing 'intimate photos' he allegedly sent to Sanchez unless he said in public that the tabloid’s reporting on him was not politically motivated.

"Our investigators and several experts concluded with high confidence that the Saudis had access to Bezos' phone, and gained private information," de Becker wrote on The Daily Beast website.

Last month,  the incident came into light when Mr Bezos acccused the owner of the tabloid of threatening him to publishing the ”intimate photos" that he allegedly sent to Ms Sanchez unless he did not publicly state that the tabloid's coverage of him was not politically motivated.




"US’ Giant Military Contract Has a Hitch", Says Deap Ubhi, an Entrepreneur of Indian Descent.





The founder of a local search site “Burrp!”, Deap Ubhi is a lesser known entrepreneur.

He joined Amazon in 2014 and motivated start-ups and other organizations to embrace cloud computing products.

He in less than a couple of years left, on a journey to start a company that furnished technology to restaurants.

Later on, he joined a Pentagon effort to employ techies. He wished to make a super effective search engine and according to what he said, also to help American people.

But as it turns out, Ubhi’s part in the Pentagon has landed him right in midst of one of the most prominent federal IT contracts.

A $10 billion deal of getting cloud computing to Pentagon, attracted the top tech companies when the project was announced in 2017.

Microsoft, Amazon, IBM, Oracle and Google, all wanted to seal the deal in their own ways.



But there was a catch to it all; the contract would go to only ‘one’ cloud vendor. And Amazon happened to close the deal with the capability of fulfilling Pentagon’s demands.

This is where Ubhi came in, especially his ties with Amazon, a place where he now works again.

Oracle, who under no circumstances could have landed the deal, vehemently criticized the one-vendor attitude.

The organization is now fighting in a federal court about Ubhi’s alleged inclination towards Amazon and its effect on the said deal.

Before the suit was filed, Pentagon had no found no suspicious influence of Ubhi and hence kept evaluating the deal despite Oracle’s lawsuit.

Further on, more information about Ubhi was discovered and Pentagon declined a request for disclosing it.

The winner of the deal was to be announced in April. When contacted by Amazon, both Ubhi and Pentagon refused to comment.

Oracle didn’t comment on the issue outside the court but during the proceedings it mentioned Ubhi’s outspoken inclination towards Amazon by providing the proof of a tweet via Ubhi’s handle.

According to the White house press secretary, the president of the US is not a part of this war of the vendors.



President Trump has never been involved in a government contract before so if he as much as even points at something regarding this situation it would be a first.

The cloud contract is being overseen by a Defense Department Procurement Official, commonly known as the Joint Enterprise Defense Infrastructure (JEDI).

The detection of the officials who’s actually chose the winner has not been made yet.

The Pentagon’s transition to cloud computing is being seen to by a team directed by the chief information officer, Dana Deasy.

Cloud computing would contribute a lot in the battlefield and hence the American government is keen on giving the contract to the best.

Reportedly, for some time Ubhi worked on a market research for JEDI while he was working at Pentagon.

Oracle in the court cited the internal documents where Ubhi articulated support towards a single cloud approach.

Oracle also thinks Ubhi had something to do with the decision to select a single cloud provider.



In return, Amazon said that Ubhi worked on JEDI only for seven weeks that too at the early stages and that there were over 70 people involved in the development.

Amazon and Ubhi’s ‘Tablehero’ were to engage in a partnership of which there is no proof as yet. Ubhi hasn’t been replying to the emails of investors either.

Pentagon mentioned that the single cloud would let the movement be faster and ensure more security. This statement was later asserted by the Government Accountability Office.

Both IBM and oracle filed heavy protests against the Government accountability Office which was later denied in Oracle’s case and rejected for IBM.

Oracle, which has a small cloud market shares, then took the issue to the federal courts of the US.

The Oracle lawsuit stands to profit Microsoft as it now has improved capabilities and hence could be a strong competitor to Amazon.

It doesn’t matter whether Ubhi molded the contract. Pentagon’s justifications support its decision to use a single cloud approach.

The major motivation behind the decision has always been helping the defense make better data driven decisions.

Amazon, Microsoft calls for Regulation on Face Recognition




Amazon is batting in favor of regulating and legislating the use of facial recognition technology and has written a  long, detailed blog post detailing its stand on the issue.

In the blog post written by the Vice-President of Global Public Policy at Amazon Web Services (AWS),  Michael Punke, the company revealed its "proposed guidelines" for the use of the technology by the companies, so that it cannot be used to discriminate. 

Punke wrote that the company “supports the creation of a national legislative framework covering facial recognition through video and photographic monitoring on public or commercial premises.”

Amazon has faced criticism after tests by civil rights groups and ACLU found out that Amazon's face Rekognition functions are less accurate for black people. In January, two researchers reported an Amazon Web  Services that determine the gender of the people in photos is also less accurate in the case of black women. 

However, Amazon refuted the claims of the studies saying that the Rekognition was “not used properly"  by the researchers.
Amazon wants legislation “that protects individual civil rights and ensures that governments are transparent in their use of facial recognition technology,” Punke wrote. 
The blog post is seen as the move to counter the facial recognition backlash.

Artificial Intelligence Is What’s Protecting Your Microsoft, Google And Similar Accounts





Artificially intelligent systems are quite on the run these days. The new generation believes a lot in the security system which evolves with the hackers’ trickery.

Microsoft, Google, Amazon, and numerous other organizations keep the faith in artificially intelligent security systems.

Technology based on rules and designed to avert only certain and particular kinds of attacks has gotten pretty old school.

There is a raging need for a system which comprehends previous behavior of hacking or any sort of cyber attacks and acts accordingly.

According to researchers, the dynamic nature of machines, especially AI makes it super flexible and all the more efficient in terms of handling security issues.

The automatic and constant retaining process certainly gives AI an edge over all the other forms.

But, de facto, hackers are quite adaptable too. They also usually work on the mechanical tendencies of the AI.

The basic way they go around is corrupting the algorithms and invading the company’s data which is usually the cloud space.

Amazon’s Chief Information Security Officer mentioned that via the aforementioned technology seriously aids in identifying threats at an early stage, hence reducing the severity and instantly restoring systems.

He also cited that despite the absolute aversion of intrusions being impossible, the company’s working hard towards making hacking a difficult job.

Initially, the older systems used to block entry in case they found anything suspicious happening or in case of someone logging in from an unprecedented location.

But, due to the very bluntness of the security system, real and actual users get to bear the inconvenience.

Approximately, 3% of the times, Microsoft had gotten false positives in case of fake logins, which in a great deal because the company has over billions of logins.

Microsoft, hence, mostly calculates and analyzes the technology through the data of other companies using it too.
The results borne are astonishing. The false positive rate has gotten down to 0.001%.

Ram Shankar Siva Kumar, who’s Microsoft’s “Data Cowboy”, is the guy behind training all these algorithms. He handles a 18-engineer team and works the development of the speed of the system.

The systems work efficiently with systems of other companies who use Microsoft’s cloud provisions and services.

The major reason behind, why there is an increasing need to employ AI is that the number of logins is increasing by the day and it’s practically impossible for humans to write algorithms for such vast data.

There is a lot of work involved in keeping the customers and users safe at all times. Google is up and about checking for breachers, even post log in.

Google keeps an eye on several different aspects of a user’s behavior throughout the session because an illegitimate user would act suspiciously for sure, some time or the other.

Microsoft and Amazon in addition to using the aforementioned services are also providing them to the customers.

Amazon has GuardDuty and Macie which it employs to look for sensitive data of the customer especially on Netflix etc. These services also sometimes monitor the employees’ working.

Machine learning security could not always be counted on, especially when there isn’t enough data to train them. Besides, there is always a worry-some feeling about their being exploited.

Mimicking users’ activity to degrade algorithms is something that could easily fool such a technique. Next in line could be tampering with the data for ulterior purposes.

With such technologies in use it gets imperative for organizations to keep their algorithms and formulae a never-ending mystery.

The silver lining though, is that such threats have more of an existence on paper than in reality. But with increasingly active technological innovation, this scenario could change at any time.