MWC: All the innovations and expertise we shared

Nacho Palou    2 March, 2023

Following four intense days, Mobile World Congress (MWC) 2023 bids farewell today until next year. Since opening its doors last Monday, attendees have had the opportunity to see the latest innovations in the field of mobile connectivity first-hand.

Telefónica Tech participated in MWC 2023 with a wide range of activities this year, including presentations, demos and professional meetings on next-generation digital technologies and solutions for the digitalisation of companies at a stand that extended further than the physical space, into the metaverse and beyond.

In this post we collect and summarise the main activities in which we have participated in this edition of the MWC.

Demos of our digital technologies

Smart Agriculture Solutions

Making Smart Agro Happen, MWC2023

The Making Smart Agro Happen demo, applied to a vineyard at Bodegas Godeval, reiterated our commitment to bringing digitalization to all economic activities and sectors, including agriculture, by showcasing how digitalization and new-generation technologies can improve productivity, resilience, and sustainability in agriculture.

The demo included precision agriculture solutions, smart irrigation management, Artificial Intelligence algorithms to prevent diseases and pests, and the optimization of resources such as water and fertilizers.

Furthermore, it was shown how Blockchain technology can certify and protect entries in the digital field notebook, enabling the traceability of production processes and the certification of the origin of the products.

Smart industry and digital twins

Making Smart Industry Happen, MWC 2023

With the Making Smart Industry Happen demo, we show how a ‘digital twin’ works using technologies such as 5G, Edge Computing, data analytics, and machine learning to optimize industrial part production and make real-time decisions.

The digital twin includes a robotic arm that simulates the construction of an industrial part, and its movement is synchronized with a digital representation of the part.

This helps detect potential failures and improve efficiency and quality in the manufacturing process, which in turn reduces energy and material consumption, increasing profitability.

Indoor Insights with Computer Vision

Using C2RO’s computer vision technology, which is part of our solution portfolio, we placed cameras in our booth and applied Artificial Intelligence algorithms to know, continuously and in real time, how many people were visiting us in each area and how things were unfolding.

This Indoor Insights solution allows for understanding the flow and anonymous behavior of visitors, which aids in data-driven decision-making.

Quality Control in Industrial IoT

At the Amazon Web Services (AWS) booth, we demonstrated an example of Industrial IoT (IIoT) usage for quality control in manufacturing, production, and logistics processes (using cameras, 5G connectivity, and our Edge Computing solutions) to ensure that products and services meet the required quality standards set by the manufacturer, customers, and regulators.

Talks, presentations and expert sessions

Conference The Smart Factory: Manufacturing, Maintenance, and Logistics, with Darío Cesena (Geprom Connecting Industries | Part of Telefónica Tech), Pablo Martin García (NTT DATA), and Jesús Martín Tello (NTT DATA).
  • Mobile identity APIs: the road to success. Our expert Glyn Povah participated in a talk on Mobile Identity APIs, the next step to guarantee and protect the identity of users by means of their mobile phone. This technology combines SIM-based solutions and mechanisms such as facial recognition or biometric authentication to identify the user.
    • Mobile Identity APIs help prevent fraud, duplicate cards or identity theft and guarantee the user’s identity in critical applications in sectors such as healthcare, finance and public administrations, among others.
  • The smart factory: manufacturing, maintenance and logistics. Dario Cesena, CEO of Geprom, Part of Telefónica Tech, participated in this presentation dedicated to connected factories. Solutions based on connectivity technologies, Cloud and Edge Computing, Cyber Security and AI of Things (Internet of Things, Big Data and Artificial Intelligence) allow optimising operational management, digitising systems and processes, making production more efficient and sustainable or collecting, analysing and correlating data, helping to make business decisions in real time.
  • Juanjo González, IoT connectivity product manager at Telefónica Tech AI of Things, participated in 5G IoT Connection: from space to the whole world, a panel dedicated to 5G and LPWA connectivity technologies that are driving the mass adoption of IoT devices. The session delved into our solution developed with SatelIoT that can provide satellite connectivity to IoT devices to provide global coverage, even in remote locations, as a complement to terrestrial communications.
  • In the session Aristeo, the industrial God of OT bees, our colleague José Cascallana, manager at Telefónica Tech’s C4IN Cybersecurity Centre, demonstrated how Aristeo approaches industrial Cyber Security in a native way, deploying real industrial systems all over the internet as honeypots.
    • In this way, Aristeo helps to generate intelligence and knowledge that help to identify and stop threats when they pose a risk to our customers’ infrastructures.
  • In the Digitalisation of the mining industry: the success of our customers, our Director of Industry 4.0 and New Business, Andrés Escribano, and Jorge Azaldegui, Head of Sales Specialists, discussed with Klever Morvely, manager at Minera Las Bambas, the growing need in the mining industry to adopt digital solutions that make their operations more efficient and sustainable, that add value to their processes and optimise their results through data, while reducing the human risks associated with mining activity.
  • José Luis Núñez, Global Head for Blockchain & web3 at Telefónica Tech, anticipated in the DeFi-ning Opportunities session the next generation of financial services thanks to decentralised finance (DeFi, powered by Blockchain and web3 technology) that are challenging centralised financial systems for the benefit of people thanks to disruptive, accessible and secure solutions.
  • Javier Zorzano, Head of Technology of Telefónica Tech AI of Things, and Shahbaz Ali, Head of Product of SatelIoT, participated in the 5G IoT Summit: Hybrid NB-IoT and Satellite Solutions. This event was dedicated to 5G connectivity as a key technology for interconnecting and operating billions of IoT devices for countless purposes.
    • At the 5G IoT Summit we heard use cases and success stories that implement these technologies, enabling new business models, making production processes and company operations more efficient, saving time, resources and money, and reducing their environmental impact.
  • The Smart and sustainable agriculture session by Ana Pociña and Paz Revuelta, product manager at Telefónica Tech AI of Things, was dedicated to how new generation digital technologies, such as Smart Agriculture solutions, are essential for the agricultural sector, to address challenges such as water scarcity, rising prices of resources and raw materials, increased demand, climate change or the growing interest of consumers in consuming local, healthy and sustainably produced food.
  • In 5G Revenue monetization business models and platforms for non-linear growth, our colleague Bernardo Campillo, Head of Industry Partnerships at Telefónica Tech AI of Things, addressed how to tackle some of the biggest challenges for adopting cutting-edge digital technologies, such as high investment or the difficulty of demonstrating return on investment in some cases. The Open Gateway initiative, in collaboration with GSMA, aims to align all ecosystem actors to promote collaboration and innovation, and to share risks and benefits.

Our new Transformation Handbooks

As usual, on the occasion of the MWC we have published two new Transformation Handbooks that explain with use cases and success stories why and how digitalisation is key to the progress and sustainability of our society.

You can download them in English, in PDF format, directly from here:

You can also freely access and download the Transformation Handbooks from the 2022 edition and 2021 edition.



José María Álvarez-Pallete, President of Telefónica and GSMA, presented at Mobile World Congress the GSMA Open Gateway. This initiative brings together more than twenty major operators so that telecommunications companies can share open and standardized APIs with the industry, large technology companies, hyperscalers, aggregators, and service developers. This will provide universal access to 5G networks and telco infrastructures from different operators.

In this way, the networks of operators become platforms on which to develop new services and business models, benefiting the entire digital ecosystem, users, and companies. Among the uses and applications of networks as platforms are the automation of industry, autonomous driving, remote surgeries, gaming, emergency management, holographic communications, or virtual and immersive worlds.

The 9th century mathematician who laid the foundations of Artificial Intelligence

Nacho Palou    1 March, 2023

Algorithm is a very trendy word, as it relates closely to automation, data-driven decision making, and Artificial Intelligence in the digital realm.

Algorithms are used in many machine learning systems and neural networks to perform tasks such as image classification, pattern recognition, or data generation, including content like text, images, or music.

An algorithm is a defined series of specific steps to perform a particular task or solve a problem.

Nowadays, algorithms are present in many common systems and applications: they determine what posts we see on social media, which route we take with GPS, what news we read, or what suggestions are shown to us on online stores or streaming platforms, to name just a few examples.

Al-Juarismi and the origin of algorithms

However, algorithms are not a modern phenomenon. Their origins can be traced back to ancient times. They were probably used as early as ancient Babylon in 2500 BC, and continued to be developed in later cultures including Egyptian, Greek, and Indian. One of the most well-known is Euclid’s algorithm, developed around the 3rd century BC.

More “recently,” in the 9th century, the Persian mathematician Al-Juarismi (or al-Khwarizmi) compiled his mathematical works in a compendium that he published around 825 AD, contributing to laying the foundations of algebra and modern mathematics, including the numerical systems we use today.

Al-Juarismi’s publication included a series of solutions to algebraic problems and described methods for solving linear and quadratic equations (of first and second degree, respectively, essential in programming and problem-solving in science, engineering, and technology) using a set of rules and procedures that we now know as algorithms.

On the origin of the term algorithm, the most widely held belief points to the Latinization of the name Al-Juarismi (Algorizmi), which later derived into algorismus, although its exact etymology is not entirely clear.

Al-Juarismi was a highly influential author in the Middle Ages due to his contributions to mathematics, astronomy, and geography.

In any case, the term ‘algorithm’ was adopted in medieval Europe to refer to the methods of the Persian mathematician.

Due to his contributions to modern mathematics, Al-Juarismi can also be considered one of the primordial fathers of computing, as his work in solving problems through algorithms has been fundamental to the development of computer science.

Currently, algorithms are essential for programming and the functioning of most computer systems. They are used to solve a wide variety of problems in fields such as Artificial Intelligence, cryptography, computer security, or process optimization, among other uses.

Algorithms and Artificial Intelligence

In the field we are concerned with, algorithms provide a framework for Artificial Intelligence systems to learn and evolve.

Thanks to them, Artificial Intelligence can perform complex tasks such as natural language processing, identifying anomalies and objects in images, generating content, or detecting patterns among large volumes of data and making decisions based on that information.

However, algorithms are not the only thing needed to develop Artificial Intelligence systems. Large amounts of relevant and high-quality data, as well as computer resources with the necessary power and capabilities to process them, are also necessary.

In addition, ethics, privacy, transparency, and security are also important aspects to consider when building trustworthy Artificial Intelligence, as its application can have a significant impact on people and society.

Featured photo: Charles Deluvio / Unsplash

Cloud Computing as a key player in the future of the logistics sector

Roberto García Esteban    27 February, 2023

The pandemic has triggered an increase in the use of e-commerce around the world. As a result, consumers are becoming increasingly demanding in terms of delivery times and shipment reliability.

Thus, the logistics sector, understood as all those operations that must be carried out to get a given product to the consumer from the warehouse of the company that produces it, is transforming at full speed in order to meet the demands of both the companies that make use of its services and consumers.

The key to this transformation is to ensure the traceability of shipments at any time, with the difficulty that logistics involves very heterogeneous systems from different companies that are not usually connected to each other.

Cloud Computing comes to the rescue for logistics companies

The challenge is more complicated because in this sector, data must be collected from objects that are on the move all over the world in trucks, containers or simply on forklifts in warehouses.

As in so many other sectors, Cloud Computing comes to the rescue for companies that need to cope with all this complexity as it is the perfect solution to manage decentralised environments and save investments in systems and maintenance.

Cloud helps to save costs and makes it easier to respond to seasonal peaks in demand

The use of the Cloud helps to save costs, since you only pay for the resources consumed and, as a result, it allows you to adapt the available resources to demand, making it easier to cope with seasonal peaks in demand (Black Friday, Christmas, etc.).

In addition, the information stored in the cloud becomes accessible from mobile devices that can be on the move anywhere in the world, which is essential in the logistics sector.

Cloud Computing advantages for the logistics sector

There are therefore several advantages that Cloud Computing brings to the logistics sector:

  • Real-time inventory management, to facilitate an agile response to fluctuations in demand. Cloud Computing provides better visibility of all the processes involved in the supply chain, enabling supply chain managers to influence them in near real-time.
  • Dynamic pricing, depending on cost fluctuations or price changes made by competitors, allowing margins and profitability to be preserved.
  • Systems integration. The logistics sector involves a variety of systems managed by different companies. Without seamless communication between these systems, process efficiency will suffer. Cloud technology plays a key role in facilitating this coordination between systems, synchronising and monitoring processes in real time and improving the controllability of the entire model.
  • Augmented intelligence: when all elements of the supply chain are connected, advanced analytics can be implemented to improve decision-making. Demand can be anticipated by analysing large volumes of data (e.g., vehicle sensor data, social media trend analysis or weather reports) to create accurate demand evolution scenarios.
  • Rapid scalability: making the leap to Cloud Computing makes it possible to adjust the availability of IT resources, taking into account market conditions and customer demands.

In short, Cloud Computing allows communications between the different components of the supply chain to be agile and capable of being monitored in real time. This accelerates speed to market, adapting to peaks in demand and achieving seamless interoperability between different platforms and systems.

Cloud is therefore synonymous with collaboration, flexibility, savings, efficiency and agility, also applied to the logistics sector.

Featured photo: Adrian Sulyok / Unsplash

Cyber Security Weekly Briefing, 18 – 24 February

Telefónica Tech    24 February, 2023

Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb

Fortinet has issued a security advisory fixing two critical vulnerabilities affecting its FortiNAC and FortiWeb products.

The first flaw, registered as CVE-2022-39952 with a CVSSv3 of 9.8, affects FortiNAC and could allow an unauthenticated attacker to execute unauthorised code or commands via a specially crafted HTTP request.

The other vulnerability, identified as CVE-2021-42756, has a CVSSv3 of 9.3, affects FortiWeb and its exploitation could allow an unauthenticated remote attacker to perform arbitrary code execution via specially crafted HTTP requests.

Fortinet recommends that affected users upgrade FortiNAC to versions 9.4.1, 9.2.6, 9.1.8, and 7.2.0, and upgrade FortiWeb to 7.0.0, 6.3.17, 6.2.7, 6.1.3, and 6.0.8 or later.


* * *

Access credentials of two major data centre operators exposed

The Resecurity team has published an investigation into the sale of login credentials of two data centre operators in Asia, namely GDS Holdings Ltd. (China) and ST Telemedia Global Data Centres (Singapore).

The security incidents, which have yet to be clarified, took place in 2021, but only became public knowledge on 20 February, when the stolen data was published on an underground forum. Among the exfiltrated data are credentials, emails, phone numbers or ID card references, with an estimated compromise of more than 3,000 records in total.

Indirectly, large global corporations that used these data centres have also been compromised, with logins of companies such as Apple, BMW, Amazon, Walmart, Alibaba, Microsoft and Ford Motor, among others, being exposed.

It should be noted that both data centres forced their customers to change their passwords last January, although Resecurity has confirmed several attempts to access different customer portals.

Finally, it should be noted that researchers have also been unable to attribute these attacks to any particular group.


* * *

Fake ChatGPT applications used to distribute malware

Kaspersky researchers are warning of a fake Windows desktop version of ChatGPT being used to distribute malware.

The authors of this campaign, taking advantage of the growing popularity of the OpenAI chatbot, are reportedly using social media accounts to advertise the platform and include a link to the supposed download site.

Some of the profiles identified by Kaspersky also offered trial accounts to increase the interest of potential victims. Once the download is complete, an error message is displayed warning of a problem with the installation, while in reality a Trojan with infostealer capabilities, named “Fobo”, has been downloaded.

Cyble’s intelligence team has also investigated the same campaign distributing other malware families such as the Lumma and Aurora stealers. Security researcher Dominic Alvieri has also published about other cases of campaigns distributing the RedLine stealer.


* * *

Vulnerabilities in VMware products

VMware has issued two security advisories warning of two critical vulnerabilities affecting several of the company’s products:

  1. The most critical security flaw has been reported as CVE-2023-20858, with a CVSSv3 of 9.1 according to the vendor, which affects Carbon Black App Control.
    • Exploiting this vulnerability could allow a malicious actor to use a specially crafted entry in the App Control management console to gain access to the server’s operating system.
  2. Another vulnerability has been published as CVE-2023-20855, with a CVSSv3 of 8.8 according to the vendor, which impacts vRealize Orchestrator, vRealize Automation and Cloud Foundation products.
    • In this case, a malicious actor could use specially crafted entries to bypass XML parsing restrictions, resulting in access to sensitive information or privilege escalation on affected systems.


* * *

Phishing campaign via PayPal

Avanan researchers have reported a new phishing campaign sent from the PayPal platform.

The malicious actors are taking advantage of the ease of creating free PayPal accounts, which offer the ability to create and send invoices to multiple recipients at once. In this way, the messages received by the victims come directly from the PayPal domain, circumventing possible security detections.

In the detected campaign, several messages have been observed in which victims are told that their account has been debited, and that in case it has not been authorised, they should call a telephone number.

This phone number is not associated with PayPal, and by calling it the attackers get the victims’ phone number and other personal details, which can be used in future attacks.

Due to the difficulty of implementing security measures to block these emails, researchers recommend searching for the phone number on the Internet in order to see whether or not it is related to PayPal.


Cyber Security State: Top Threats, Risks and Vulnerabilities

Innovation and Laboratory Area in ElevenPaths    23 February, 2023

There are many reports on security trends and summaries, but at Telefónica Tech we want to make a difference. The Innovation and Lab team has just launched our own Cyber Security report that summarises the highlights of the second half of 2022.

Its philosophy is to offer a global, concrete, and useful overview of the most relevant data and facts about Cyber Security, and it is designed to be consumed by both professionals and amateurs in a simple and visually attractive way.

The aim of this report is to summarise the Cyber Security information of the past months in order to help the reader understand the risks of the current landscape.

The information gathered is largely based on the compilation and synthesis of internal data, cross-checked with public information from sources we consider to be of high quality. The following are some of the points that are important to us.

News highlights

The second half of 2022 has been characterised by several attacks on large companies that have caused a lot of talk.

Uber, for example, suffered an attack that used a very human way of circumventing the second authentication factor: the “fatigue” of the administrator, who received dozens of messages asking for confirmation of access in a short period of time and at inappropriate times.
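The pattern described above (many confirmation prompts in a short time, at unusual hours, possibly ending in an approval) can be searched for in MFA push logs. The following is an added example, not part of the report; the event layout, the thresholds and the working hours are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed MFA push log: (ISO timestamp, user, result). The layout and the
# result values are assumptions, not the export format of a specific product.
SAMPLE_EVENTS = [
    ("2023-01-10T09:00:12", "dev.b", "approved"),    # ordinary daytime logins
    ("2023-01-10T13:30:45", "dev.b", "approved"),
    ("2023-01-10T14:00:00", "ops.c", "denied"),      # burst that is never approved
    ("2023-01-10T14:01:00", "ops.c", "denied"),
    ("2023-01-10T14:02:30", "ops.c", "denied"),
    ("2023-01-10T14:04:00", "ops.c", "denied"),
    ("2023-01-10T14:05:00", "ops.c", "denied"),
    ("2023-01-11T01:02:10", "admin.a", "denied"),    # night-time burst ...
    ("2023-01-11T01:03:05", "admin.a", "denied"),
    ("2023-01-11T01:04:40", "admin.a", "timeout"),
    ("2023-01-11T01:06:00", "admin.a", "denied"),
    ("2023-01-11T01:07:30", "admin.a", "denied"),
    ("2023-01-11T01:08:15", "admin.a", "approved"),  # ... that ends in an approval
]

WINDOW = timedelta(minutes=10)  # assumed meaning of "a short period of time"
MIN_PROMPTS = 5                 # assumed number of prompts that make a burst
WORK_HOURS = range(8, 19)       # assumed: 08:00-18:59 counts as working hours


def detect_push_fatigue(events, window=WINDOW, min_prompts=MIN_PROMPTS):
    """Return {user: finding} for users who received a burst of push prompts."""
    recent = defaultdict(deque)  # user -> (timestamp, result) still in the window
    findings = {}
    # ISO 8601 timestamps of equal length sort chronologically as strings.
    for raw_ts, user, result in sorted(events):
        ts = datetime.fromisoformat(raw_ts)
        q = recent[user]
        q.append((ts, result))
        while ts - q[0][0] > window:   # drop prompts older than the window
            q.popleft()
        if len(q) < min_prompts:
            continue
        f = findings.setdefault(user, {
            "first_seen": q[0][0].isoformat(),
            "max_prompts": 0,
            "off_hours": False,
            "approved_after_burst": False,
        })
        f["max_prompts"] = max(f["max_prompts"], len(q))
        f["off_hours"] = f["off_hours"] or any(
            t.hour not in WORK_HOURS for t, _ in q
        )
        # The dangerous case: the user finally approves after a run of
        # denied or ignored prompts, which is what fatigue attacks aim for.
        earlier = [r for _, r in list(q)[:-1]]
        if result == "approved" and all(r != "approved" for r in earlier):
            f["approved_after_burst"] = True
    return findings


if __name__ == "__main__":
    for user, finding in detect_push_fatigue(SAMPLE_EVENTS).items():
        print(user, finding)
```

A finding with `approved_after_burst` set warrants revoking the session and resetting the credential; a burst without approval still shows that the password is already known to someone else.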

Another high-profile attack on LastPass has once again called into question the security of using cloud-based password managers. Many other companies and even countries have suffered attacks, although we have only seen them reflected in their consequences: the leaks. In the last half of 2022, data from Cisco, Microsoft, Toyota and Revolut, and even the personal data of the Chinese population, has been leaked.

Mobile Security

Android releases a set of patches every month, usually within the first week.

In total, 256 patches have been released to fix various vulnerabilities spread across the six bulletins. Of those 256 patches, 14 fix vulnerabilities that have been rated as critical and could facilitate remote execution of arbitrary code.

This brings the number of vulnerabilities patched in 2022 to almost 500, similar to last year but less serious overall.

Concerning iOS, the second half of 2022 closed with 167 unique vulnerabilities patched, around thirty of which are considered high-risk, with the possibility of executing arbitrary code, some of them affecting the operating system kernel itself.

This closes 2022 with 261 bugs patched. The annual number of bugs has continued to grow since the peak of 2017.

Governments sometimes need to rely on large organisations to help them carry out their work. When a threat involves knowing the identity or having access to the data of a potential attacker or a victim in danger, the digital information stored by these companies can be vital to the investigation and to averting a catastrophe.

Apple publishes a comprehensive report every six months on which data is requested by governments and to what extent the requests are fulfilled. We update here some data that we have extracted from the information published by Apple for the first half of the year 2021 (the latest published by Apple) on the activities and requests from governments to the company.

This semester, the German government is the one that has generated the most requests for information about devices.

Threats study by indicator

We have conducted, in collaboration with Maltiverse, a ranking study of the indicators of compromise detected on their platform. In other words, the study highlights interesting attributes of maliciousness detected in IP addresses, domain names and URLs over the last six months.

We have studied 650,000 URLs categorised as malicious. About 20% of the IPs have been seen performing some kind of brute force against authentication systems. This means, for example, making thousands of requests with username and password combinations against an SSH server.
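How an address ends up tagged as a brute-force source can be seen from the server side. The following is an added example, not part of the study: it parses password-authentication lines in the usual OpenSSH syslog wording and summarises failures per source address; the sample log, host name, threshold and function name are assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd log lines; users and addresses (documentation ranges) are
# made up. The seventh line carries a user name chosen by the client to
# imitate the end of a log line and point at another address.
SAMPLE_LOG = """\
Feb 21 03:14:07 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Feb 21 03:14:09 bastion sshd[2211]: Failed password for root from 203.0.113.7 port 51236 ssh2
Feb 21 03:14:09 bastion sshd[2211]: Connection closed by 203.0.113.7 port 51236 [preauth]
Feb 21 03:14:11 bastion sshd[2214]: Failed password for invalid user test from 203.0.113.7 port 51238 ssh2
Feb 21 03:14:13 bastion sshd[2214]: Failed password for invalid user oracle from 203.0.113.7 port 51239 ssh2
Feb 21 03:14:15 bastion sshd[2216]: Failed password for root from 203.0.113.7 port 51240 ssh2
Feb 21 03:14:17 bastion sshd[2216]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 203.0.113.7 port 51241 ssh2
Feb 21 08:30:02 bastion sshd[2301]: Failed password for alice from 198.51.100.20 port 40022 ssh2
Feb 21 08:30:10 bastion sshd[2301]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
Feb 21 11:00:01 bastion sshd[2400]: Failed password for deploy from 203.0.113.50 port 40100 ssh2
Feb 21 11:00:03 bastion sshd[2400]: Failed password for deploy from 203.0.113.50 port 40101 ssh2
Feb 21 11:00:05 bastion sshd[2400]: Failed password for deploy from 203.0.113.50 port 40102 ssh2
Feb 21 11:00:07 bastion sshd[2400]: Failed password for deploy from 203.0.113.50 port 40103 ssh2
Feb 21 11:00:09 bastion sshd[2400]: Failed password for deploy from 203.0.113.50 port 40104 ssh2
Feb 21 11:00:11 bastion sshd[2400]: Accepted password for deploy from 203.0.113.50 port 40105 ssh2
"""

# The user name is supplied by the client, so it is matched greedily and the
# pattern is anchored at the end of the line: the address that sshd itself
# appended is the one that gets parsed, not one embedded in the user name.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2\s*$"
)


def brute_force_sources(log_text, min_failures=5):
    """Return {ip: summary} for addresses with at least min_failures failures."""
    stats = defaultdict(
        lambda: {"failures": 0, "users": set(), "compromised": None}
    )
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m is None:
            continue  # not a password-authentication line
        s = stats[m["ip"]]
        if m["outcome"] == "Failed":
            s["failures"] += 1
            s["users"].add(m["user"])
        elif s["failures"] >= min_failures:
            # A success after a run of failures from the same address means
            # the guessing may have worked: that account needs a reset.
            s["compromised"] = m["user"]
    return {
        ip: {
            "failures": s["failures"],
            "distinct_users": len(s["users"]),
            "compromised": s["compromised"],
        }
        for ip, s in stats.items()
        if s["failures"] >= min_failures
    }


if __name__ == "__main__":
    for ip, summary in brute_force_sources(SAMPLE_LOG).items():
        print(ip, summary)
```

Many distinct user names from one address point to guessing across accounts, while many failures against a single account followed by a success is the case that needs immediate action.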


Photo: True Agency / Unsplash

Decentralised social networks: Could this be the first Web3 service to reach the mass public?

Jorge Ordovás    21 February, 2023

If we had to highlight one of the most relevant proposals in the field of Web3 during the last months of 2022, we would probably have to talk about the rise of decentralised social networks, which the World Economic Forum points to for 2023 as one of the trends that could become tangible and provide value in the decentralised ecosystem most quickly.

Several factors are behind this trend, which have probably been encouraged by some of the decisions taken by Twitter after its purchase by Elon Musk:

  • Concerns about privacy and control of personal data have increased, and many people are looking for alternatives to traditional platforms that collect and profit from the information generated by their users. Decentralised social networks allow users to have more control over their data and privacy, as well as define new monetisation mechanisms for content generators.
  • Growing awareness of the importance of decentralisation and the need for a more open internet. Decentralised social networks are not controlled by a single company or entity, making them more resistant to censorship and manipulation, and facilitating the possibility of using different applications while keeping the data under the control of the user, not the platforms providing the service.
  • Opacity of the algorithms used by today’s social networks, which are often challenged for their ability to tailor the results obtained by their users to suit their interests. Decentralised social networks offer a more neutral and objective experience.

Two decentralised social networking solutions currently stand out for their maturity: Lens Protocol and Farcaster. Both share this general value proposition but, as we will see below, they differ in some aspects of their implementation.

Lens Protocol

Lens Protocol is a decentralised social networking protocol created in 2022, right in the middle of the explosion of NFTs, which probably conditioned Lens to fully rely on the non-fungible token standard (ERC-721) to build a decentralised ecosystem.

When we register a Lens profile, it is created as an NFT in our wallet. When we follow someone on Lenster (a Twitter-like application) we create a “follower” NFT on the chain. And so on, any post we make or share is recorded in Polygon, the public blockchain network on which the solution is built.

One of the most relevant aspects is the separation that Lens (and decentralised social networks in general) makes between data and tools (both creation and consumption), allowing developers to create applications by connecting and integrating different web3 and web2 solutions, or data on and off the blockchain, all using the LensAPI.

Applications in the Lens ecosystem. Source: The Block Research

Lens now has more than 100,000 users, who have generated more than 1.4 million posts so far, since its launch in the middle of last year.

Farcaster

Social networks generate an enormous volume of data. Storing all posts, shares and favourites on the blockchain is expensive, burdensome and challenging on a large scale.

However, perhaps including all that is overkill and all we need on-chain are the most essential primitives, such as one’s identity and the ability to read and write data, to have a trusted ecosystem.

This is Farcaster’s approach. The main difference compared to Lens is its minimalist approach to data storage on the blockchain, which its creators call “sufficient decentralisation”.

In this way, Farcaster’s proposal is to build an open-source protocol and network architecture that allows any developer to query Farcaster’s data and create different and customised clients (applications) on top of this data layer, in the same way that Gmail, Apple Mail or Outlook are based on the SMTP email protocol.

Farcaster is currently built on the Ethereum test network (Goerli), which it uses to manage user identity in a secure and decentralised way through smart contracts, while all the data of the social network itself is managed outside the blockchain, through a network of nodes called Hubs, which guarantee the propagation of changes in real time so that all the applications (connected to them) have a single, homogeneous view of the information.

Farcaster Hub architecture and interactions. Source: Farcaster github

An application is a programme developed to make it easier for users to interact with the Farcaster network. Users can choose the type of application that best suits their needs and switch between them at any time, while maintaining the same information (which resides on the network).

About 30 applications had been developed on top of Farcaster by the end of 2022, including a client very similar to Twitter, which allows posting content, responding to other users and sharing their posts, sending direct messages, receiving notifications of mentions, searching for users and content, etc.

Some Twitter functions (such as hashtags) do not exist in Farcaster, and the type of content that can be shared is currently more limited (only images or links) to initially reduce the volume of information generated.

It is possible to configure in this application one or more Ethereum accounts associated with the user profile, thus allowing among other things to use the NFTs they contain as avatar (getting a purple check).

Farcaster client for Android (you can check the NFTs associated with each account).

Farcaster currently has more than 9,000 users (after a particularly significant growth since October 2022) and has more than 450,000 published messages. It should be noted that new user registrations are very restricted (they are processed manually, by invitation).

The most relevant targets for the Farcaster team in the first half of 2023 are:

  • Gain credibility as a neutral network, making it easy for anyone to run a Hub to decentralise storage.
  • Reach 5000 active users/day (5% weekly growth).
  • Migrate identity to the Ethereum main network.
  • Increase network scalability.
  • Improve user experience and APIs for developers.

Conclusion

The main challenge facing these decentralised social networks is to confirm the value proposition, define the incentive mechanism to attract content generators and consumers, and above all, establish the business model to sustain their activity, something that is not yet clear (and that not even companies like Twitter have managed to land so far).

We will see if the trend continues in 2023 and Lens, Farcaster or other proposals manage to become the first mass-use web3 applications, beyond the ecosystem of early adopters from the crypto world.

Featured photo: Clarisse Croset / Unsplash


Ghosts in the machine: does Artificial Intelligence suffer from hallucinations?

Javier Coronado Blazquez    20 February, 2023

Artificial Intelligence (AI) content generation tools such as ChatGPT or Midjourney have recently been making a lot of headlines. At first glance, it might even appear that machines “think” like humans when it comes to understanding the instructions given to them.

However, details that are elementary for a human being turn out to be completely wrong in these tools. Is it possible that the algorithms are suffering from hallucinations?

Science and (sometimes) fiction

2022 was the year of Artificial Intelligence: we saw, among other things, the democratisation of image generation from text, a Princess of Asturias award, and the world went crazy talking to a machine that is here to stay: OpenAI’s ChatGPT.

Although it is not the aim of this article to explain how this tool works, as that is outlined in Artificial Intelligence in Fiction: The Bestiary Chronicles, by Steve Coulson (spoiler: written by the tool itself), we can say that, in short, it tries to imitate a person in any conversation. With the added bonus that it might be able to answer any question we ask it, from what the weather is like in California in October to defending or criticising dialectical materialism in an essay (and it would approach both positions with equal confidence).

Why browse through a few pages looking for specific information when we can simply ask questions in a natural way?

The same applies to AI image generation algorithms such as Midjourney, Dall-e, Stable Diffusion or BlueWillow. These tools are similar to ChatGPT in that they take text as input, creating high quality images.

Examples of the consequences of mind-blowing Artificial Intelligence

Leaving aside the crucial ethical aspect of these algorithms —some of which have already been sued for using paid content without permission to be trained— the content they generate may sometimes seem real, but only in appearance.

For instance,

However, as the headline suggests, as soon as we start to look at them more closely we see details that don’t quite add up: mouths with more teeth than usual, hands with 8 fingers, limbs sticking out of unexpected places… none of these fake photos pass a close visual examination.

Artificial intelligence learns patterns and can reproduce them, but without understanding what it is doing.

This is because, basically, all the AI does is learn patterns, but it doesn’t really understand what it is seeing. So if we train it with 10 million images of people at parties, it will recognise many patterns: people are often talking, in various postures, holding glasses, posing with other people… but it is unable to understand that a human being has 5 fingers, so when it comes to creating an image with someone holding a glass or a camera, it just “messes up”.

But perhaps we are asking too much of the AI with images. If you’re a drawing hobbyist, you’ll know how difficult it is to draw realistic hands holding objects.

Photo: Ian Dooley / Unsplash

What about ChatGPT? If it is able to write an article for this blog, it might not make mistakes like that. And yet ChatGPT is tremendously easy to fool, which is not particularly relevant. It is also very easy for it to fool us without us realising it. And if the results of a web search are going to depend on it, that is much more worrying.

In fact, ChatGPT has been tested by hundreds of people all over the world in exams ranging from early childhood education tests to university exams to entrance exams.

In Spain, it was subjected to the EVAU (the old university entrance exam) History test, in which it got a pass mark. “Ambiguous answers”, “overreaching to other unrelated subjects”, “circular reiterations”, “incomplete”… are some of the comments that professional markers made on its answers.

A few examples:

  • If we ask what is the largest country in Central America, it might credibly tell us that it is Guatemala, when in fact it is Nicaragua.
  • It may also confuse two antagonistic concepts, so that if we wanted to understand the differences between the two, it would be confusing us. If, for example, we were to use this tool to find out whether we can eat a certain family of foods if we have diabetes and it gave us the wrong answer, we would have a very serious problem.
  • If we ask it to generate an essay and cite papers on the subject, it is very likely that it will mix articles that exist with invented ones, with no trivial way of detecting them.
  • Or if we ask about a scientific phenomenon that does not exist, such as “inverted cycloidal electromagnon”, it will invent a twisted explanation accompanied by completely non-existent articles that will even make us doubt whether such a concept actually exists. However, a quick Google search would have quickly revealed that the name is an invention.

That is, ChatGPT is suffering from what is called “AI hallucination”, a phenomenon that mimics hallucinations in humans, in which it behaves erratically and asserts as valid statements that are completely false or irrational.

Do androids hallucinate electric sheep?

So, what is going on?

As we have said before, the problem is that the AI is tremendously clever at some things, but terribly stupid at others. ChatGPT is very bad at lying, irony and other forms of language twisting.

When asked how dinosaurs came to build their advanced civilisation in the Cretaceous and what evidence we have today, it won’t question the validity of the starting point; it will just start ranting.

The problem then lies in having a critical spirit and distinguishing what is real from what is not (in a way, as is the case today with fake news).

In short, the AI will not give in: if the question we ask it is direct, precise, and real, it will give us a very good answer. But if not, it will make up an answer with equal confidence.

When asked about the lyrics to Bob Dylan’s “Like a Rolling Stone”, it will give us the full lyrics without any problem. But if we get the wrong Bob and claim that the song is by Bob Marley, it’ll pull a whole new song completely out of the hat.

A sane human being would reply “I don’t know what song that is”, “isn’t that Dylan’s”, or something similar. But the AI lacks that basic understanding of the question.

As language and AI expert Gary Marcus points out, “current systems suffer from compositionality problems, they are incapable of understanding a whole in terms of its parts”.

Platforms such as Stack Overflow, a forum for queries about programming and technology, have already banned this tool to generate automatic answers, as in many cases its solution is incomplete, erroneous or irrelevant. And OpenAI has hundreds of programmers explaining step-by-step solutions to create a training set for the tool.

The phenomenon of hallucination in Artificial Intelligence is not fully understood

The hallucination in Artificial Intelligence is not fully understood at a fundamental level. This is partly because the algorithms behind it are sophisticated deep learning neural networks.

Although extremely complex, at its core it is nothing more than a network of billions of individual “neurons”, which are activated or not depending on input parameters, mimicking the workings of the human brain. In other words, linear algebra, but in a big way.

The idea is to break down a very complicated problem into billions of trivial problems. The big advantage is that it gives us incredible answers once the network is trained, but at the cost of having no idea what is going on internally.

A Nature study, for example, showed that a neural network was able to distinguish whether an eye belonged to a male or female person, despite the fact that it is not known whether there are anatomical differences between the two.

Or a potentially very dangerous example, in which people were classified as heterosexual or homosexual from a single facial photo.

Who watches over the watchman?

Then, if we are not able to understand what is going on behind the scenes, how can we diagnose the hallucination, and how can we prevent it?

The short answer is that we can’t right now.

And that’s a problem, as AI is increasingly present in our everyday lives. Getting a job, being granted credit by a bank, verifying our identity online, or being considered a threat by the government are all increasingly automated tasks.

If our lives are going to have such an intimate relationship with AI, we’d better make sure it knows what it’s doing. Other algorithms for text generation and image classification had to be deactivated, as they turned out to be neo-Nazi, racist, sexist, homophobic… and they learned this from human biases.

In a sort of Asimov’s tale, let’s imagine that, in an attempt to make politics “objective”, we let an AI make government decisions. We can imagine what would happen then.

Although some people point to a problem of lack of training data as the cause of hallucinations, this does not seem to be the case in many situations.


In fact, we are reaching a point where exhausting the datasphere —the volume of relevant data available— is beginning to be on the horizon. That is, we will no longer have much to improve by increasing the training set.

The solution may then have to wait for the next revolution in algorithms, a new approach to the problem that is currently unimaginable. This revolution may come in the form of quantum computing.

Perhaps in the near future a machine will be able to really understand any question. Maybe not. It is very difficult and daring to make long-term technological predictions.

After all, the New York Times wrote in 1936 that it would be impossible to leave the earth’s atmosphere, and 33 years later, Neil Armstrong was walking on the moon. Who knows, maybe in a few decades it will be AI that diagnoses why humans “hallucinate”…


Featured photo: Pier Monzon / Unsplash

Cyber Security Weekly Briefing, 11 – 17 February

Telefónica Tech    17 February, 2023

Apple fixes actively exploited 0-day

Apple has issued several security advisories to fix an actively exploited 0-day vulnerability.

The security flaw, listed as CVE-2023-23529, is a type confusion in the WebKit browser engine that an attacker could use to execute arbitrary code on vulnerable devices when a user opens a malicious web page crafted for that purpose.

This flaw affects both older and newer devices and is fixed in iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, and Safari 16.3.1.

On the other hand, Apple has also fixed a vulnerability in the kernel that allows remote code execution, registered as CVE-2023-23514, which affected macOS Ventura devices and several iPhone and iPad models.

Lastly, a vulnerability that could allow access to unprotected user data affecting macOS Ventura has been identified as CVE-2023-23522.


* * *

Microsoft fixes 75 vulnerabilities in its Patch Tuesday including 3 0-days

Microsoft has patched 75 vulnerabilities in various products including Microsoft Windows, Office, Exchange and Azure in its latest security update.

Nine of these vulnerabilities are reported to have received a critical severity score, and 66 others are reported to have been rated as “important”.

Three of these security bugs are reportedly actively exploited 0-days: CVE-2023-21823, a remote code execution vulnerability in Windows Graphics Component with a CVSSv3 score of 7.8; CVE-2023-21715, a security feature bypass vulnerability in Microsoft Publisher with a CVSSv3 score of 7.3; and CVE-2023-23376, a privilege escalation vulnerability in Windows Common Log File System Driver with a CVSSv3 score of 7.8.


* * *

Cyber-attack against several NATO websites

A NATO official confirmed to the DPA news agency that the organisation was investigating a cyber-attack on several NATO websites.

The attack took place on Sunday night and disabled several NATO websites, including that of the NATO Special Operations Headquarters. The attack was allegedly a politically motivated hacktivist action in favour of one of the parties in the current conflict, as a Telegram channel of a hacktivist group posted a message asking for help from fellow hackers to attack all NATO units.

Other hacktivist channels also posted evidence of inoperable NATO assets such as the Military Command website and the Joint Military Centre website, among others.


* * *

Mozilla issues security updates for Firefox 110 and Firefox ESR

Mozilla has issued two security alerts regarding vulnerability fixes in Firefox 110 and Firefox ESR.

Most of these vulnerabilities, still pending CVSS classification, have been categorised by the vendor as high impact. Their exploitation could lead an attacker to perform spoofing attacks; access confidential information, including NTLM credentials; evade security mechanisms or execute arbitrary code, among other behaviours. The vendor recommends upgrading to the latest version of Firefox 110 and Firefox ESR 102.8.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a notification informing of these updates and requesting users and administrators to implement the necessary measures.


* * *

Vulnerabilities in Schneider Electric PLC models

Forescout’s team of Vedere Labs researchers has published an analysis of two critical vulnerabilities affecting several Schneider Electric PLC models.

The first flaw, registered as CVE-2022-45789 with a CVSSv3 score of 9.8, allows an authentication bypass that could lead to the execution of unauthorised Modbus functions on the controller by hijacking an authenticated Modbus session.

The second, registered as CVE-2022-45788 and also assigned a CVSSv3 score of 9.8, could be exploited for remote code execution or denial of service, and could result in loss of confidentiality and data integrity when undocumented Modbus UMAS CSA commands are executed.

Researchers indicate that malicious actors could chain the two flaws to achieve lateral movement in the victim’s network. The affected versions include all versions of EcoStruxure Control Expert and Modicon Unity PLC, as well as EcoStruxure Process Expert version V2020.


Featured photo: Ed Hardie / Unsplash

Using Midjourney to create social media content

Miryam Artigas    16 February, 2023

Any sentence containing the word ‘dinosaur’ is worthy of attention. Admit it, it happens to you too.

And if not, I’ll tell you why we’re talking about dinosaurs in a technology blog. And no, we’re not talking about outdated professions. Or not at all. You see, in a matter of a couple of weeks, some images of dinosaurs that are really cute have made their way around Twitter and Instagram, passing through the infinite loop that is WhatsApp, to be shared among family, friends and work colleagues.

Posts with the hashtag #dinoprofessions on Instagram

Why social networks have been filled with dinosaurs

The dinosaurs represented different professions (from ‘veterinarisaurus’ to ‘bartendersaurus’ to ‘designsaurus’). In a matter of days, more than 6,000 publications arrived on Instagram to the delight of users who – and here’s the important fact – began to make their own creations to feel represented.

This trend has been made possible thanks to Artificial Intelligence. In particular, thanks to the Midjourney platform, one of the most widely used AI image generators. How else could users have created so many variations of dinosaurs adapting to all the professions imagined, with such quality that they could have passed for the work of a digital artist?

We have only been testing the capabilities of ChatGPT for a few months now, asking it to make you a healthy menu with its corresponding shopping list, or to correct a few lines of code in a matter of seconds. And suddenly, BANG! AI image generation also reaches the general public. One day you wake up, discover viral content, and suddenly feel the need to make your own ‘dino’.

That’s when users roll up their sleeves, turn to Google to research how those images were made and, without even realising it, have created a Discord profile, signed up for Midjourney and are already familiarising themselves with the term ‘prompt’. Aren’t human beings fascinating?

Using Midjourney to create social media content

Now, jokes aside, it’s fascinating to see what we can do with a couple of articles or YouTube videos, without the need for any prior technical knowledge.

When we got the ‘dinos’ we decided to create our own version for Telefónica Tech’s social networks, because although there were many professions in the hashtag, we missed the more technological ones.

I found several references to the ‘dinoprofessions’ that pointed to Midjourney. In a few more minutes, I also found the origin of the trend: the precursor had been a user called @the_ai_dreams who, with more than 162k followers, is dedicated to sharing AI-generated content on a regular (and daily) basis on his Instagram account.

Therefore, seeing all the references, I linked my Discord account and entered this new (and free, with the trial version) universe offered by Midjourney. I discovered that there were some rooms within Discord called ‘Newcomer rooms’ where you could start testing and generating images. I decided to enter ‘newbies-42’ and start playing with the prompts.

Using a couple of values: ‘super cute’, ‘baby blue dinosaur’, ‘hacker’… I managed to generate the first images with a result that was very close to what we were looking for:

The process was relatively short, but that was not the best thing about it. It was fascinating to see how users were working online, generating their own content in real time, testing and versioning. One user was developing a kind of comic book because I could see —while he was generating them— the course of all the derivative pieces.

We learned how it worked and did several tests, and we managed to make our own version of the trend. You can already see it on our Instagram profile (in Spanish):

Community Managers, journalists, designers… what’s going to happen to us?

It is inevitable to ask ourselves, talking about professions and dinosaurs: should we feel threatened? There are many users who are frightened by the potential that these AIs are demonstrating and who see their days numbered.

However, the example of ‘dinoprofessions’ is perfect to start to ‘imagine’ what they can offer us and how they can complement us. Such a trend could never have happened without an AI. Simply because:

  1. There would not have been so many posts with the hashtag.
  2. We would not have been able to generate such content at such a speed, as such an illustration could have taken a senior creative several days of work to produce.
  3. The feeling of representation would have been much lower due to fewer pieces.
  4. And, directly, it would not have gone viral.

These types of tools will change —in fact, they already are changing— our everyday life. Yet, far from ‘taking away our work’, they will allow us to optimise processes, be more agile and develop other types of tasks. And, of course, new jobs will emerge, such as the role of prompt engineering.

The skill lies not in being able to get into Midjourney or DALL-E (for example) and generate an image in seconds. It’s about being able to control the AI in such a way that you can extract the image you need and have in your head immediately. And then use that same style and resources to generate complementary ones.

It is understandable that it is hard to imagine where these tools are going to take us in the workplace, and they are not going to be the only tools we can use. What is clear, however, is that we must not waste time and that we must start learning about them now. And, if there are dinosaurs involved, even better!

Artificial Intelligence, ChatGPT, and Cyber Security

Marta Mallavibarrena    15 February, 2023

Artificial Intelligence (AI) has become a frequent topic on this blog. Almost all predictions of technological trends for the coming years include it as one of the key advances.

In my previous article, we addressed the role that these technologies can play in the creation and dissemination of disinformation and fake news. On that occasion, the protagonists were tools such as DALL-E or GauGAN2 for generating images, and although we already mentioned some text tools, at the end of the year a new tool appeared on the scene that has been making headlines ever since: ChatGPT.

A few weeks ago, our colleague Mercedes Blanco introduced us to how ChatGPT works and some of its applications in the business world. This time, however, we will focus on what this tool, and others like it, can mean for cyber security.

As with any technological advance, its consequences can be beneficial both for security teams and for those who take advantage of it for more controversial purposes.

ChatGPT in security research

The tool itself informs us of the many ways in which it can be of use to threat intelligence services, which can be summarised as follows:

  • Provide information and act as an advanced search tool.
  • Support the automation of tasks, reducing the time spent on tasks that are more mechanical and require less detailed analysis.

Image 1: screenshot of a conversation with ChatGPT on the topic of the article

Artificial intelligence has been making its way into cyber security tools for some time now. Some examples can be found in our Trending Techies last November, such as the project presented by Álvaro García-Recuero for the classification of sensitive content on the internet.

In the case of ChatGPT, Microsoft seems to be leading integration efforts in its services, such as its Bing search engine and Azure OpenAI Service or, more focused on cyber security, the case of Microsoft Sentinel, which could help streamline and simplify incident management.

Other researchers are betting on its use for the creation of rules that can detect suspicious behaviour, such as YARA rules.

Google, for its part, has opted to launch its own tool called Bard, which will be implemented in its search engine in the not too distant future.

ChatGPT in cybercrime

On the opposite side of cyber security, we can also find multiple applications of tools such as ChatGPT, even though they are initially designed to prevent their use for illicit purposes.

In early January 2023, CheckPoint researchers reported the emergence of underground forum posts discussing methods of bypassing ChatGPT restrictions to create malware, encryption tools or trading platforms on the deep web.

In terms of malware creation, researchers who have attempted proof-of-concepts have come to the same conclusion: ChatGPT is able to detect when a request asks directly for the creation of malicious code; however, rephrasing the request in a more creative way allows evading these defences to create polymorphic malware, or keyloggers with some nuances. The generated code is neither perfect nor fully complete and will always be based on the material that the artificial intelligence has been trained on, but it opens the door to generating models that can develop this type of malware.

Image 2: ChatGPT response on malware creation via AI

Another of the possible illicit uses that have been raised with ChatGPT is fraud or social engineering. Among the content that these tools can generate are phishing emails designed to trick victims into downloading infected files or accessing links where they can compromise their personal data, banking information, etc. The author of the campaign does not need to master the languages used in it or write any of the emails manually, and can automatically generate new themes on which to base the fraud.

Overall, whether the tool is capable of delivering complete, ready-to-use code or content or not, what is certain is that the accessibility of programmes such as ChatGPT can reduce the sophistication needed to carry out attacks that, until now, required more extensive technical knowledge or more developed skills. In this way, threat actors who were previously limited to launching denial-of-service attacks could move on to developing their own malware and distributing it in phishing email campaigns.

Conclusions

New AI models like ChatGPT, like any other advancement in technology, can have applications both to support progress and improve security, as well as to attack it.

Actual use cases of such tools to commit crimes in cyberspace are anecdotal at the moment, but they allow us to imagine the possible cybersecurity landscape in the years to come. The constant updating of knowledge becomes, once again, essential for researchers and professionals in the field of technology.

“By far, the greatest danger of Artificial Intelligence is that people conclude too early that they understand it.”

Eliezer Yudkowsky

Featured photo: Jonathan Kemper / Unsplash