Any communication system relies on the ability of the recipient to be able to identify the sender.
Knowing the sender's identity lets you send a reply and decide whether you can trust them.
Creating messages that falsely claim to come from someone else is known as spoofing.
For example, the postal system requires a delivery address.
Letters are typically signed and may come with a return address.
There's no standard mechanism to verify that the return address is the sender's address.
This could be used to manipulate friendships or familial relationships for financial gain by affecting an inheritance, or in other situations that either benefit the attacker or are purely detrimental to the victim.
An unsuspecting recipient may not think to check the letter's legitimacy and thus fall victim to fraud.
Note: Insider threats such as double agents and malicious employees pose a similar threat.
Spoofing in Digital Systems
Many digital systems have a similar issue.
In many cases, countermeasures are in place.
But in some situations, these countermeasures aren't always efficient or aren't possible at all.
ARP is an excellent example of a protocol with which it is difficult to prevent spoofing attacks.
Unfortunately, nothing stops a malicious device from using ARP to claim that it has another IP address.
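The following is an added example, not part of the original article, of one defensive response to the ARP weakness described above: ARP cannot verify a claim, but a monitor can flag when an IP address already seen with one MAC address is later claimed by a different one. The packet bytes, addresses and function names are constructed for illustration.

```python
import struct

def parse_arp(payload: bytes):
    """Parse a 28-byte Ethernet/IPv4 ARP payload into (opcode, sender_mac, sender_ip)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    mac = ":".join(f"{b:02x}" for b in payload[8:14])   # sender hardware address
    ip = ".".join(str(b) for b in payload[14:18])       # sender protocol address
    return oper, mac, ip

def find_conflicts(payloads):
    """Return (ip, first_seen_mac, new_mac) for every claim that contradicts the first one."""
    seen, alerts = {}, []
    for p in payloads:
        try:
            _oper, mac, ip = parse_arp(p)
        except ValueError:
            continue                      # skip malformed frames instead of crashing
        if ip == "0.0.0.0":
            continue                      # ARP probe: sender makes no address claim
        known = seen.setdefault(ip, mac)  # requests and replies both carry sender claims
        if known != mac:
            alerts.append((ip, known, mac))
    return alerts

def _arp(oper, mac, ip, tmac="00:00:00:00:00:00", tip="192.0.2.1"):
    """Build a constructed ARP payload for the sample data below."""
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    to_ip = lambda a: bytes(int(x) for x in a.split("."))
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return header + to_mac(mac) + to_ip(ip) + to_mac(tmac) + to_ip(tip)

# Constructed sample traffic (documentation IP range, locally administered MACs).
SAMPLE = [
    _arp(2, "02:00:00:00:00:01", "192.0.2.1"),   # gateway answers for its own IP
    _arp(1, "02:00:00:00:00:0a", "192.0.2.10"),  # ordinary host asks for the gateway
    _arp(2, "02:00:00:00:00:66", "192.0.2.1"),   # a second MAC claims the gateway IP
    b"\x00\x01",                                 # truncated frame, ignored
]

if __name__ == "__main__":
    for ip, old, new in find_conflicts(SAMPLE):
        print(f"ALERT {ip}: first seen at {old}, now claimed by {new}")
```

An alert is a lead to investigate and not proof of an attack, since legitimate events such as a replaced network card or a failover also change the MAC address behind an IP.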
Email has a similar issue.
Many spam and phishing emails spoof the sender's address.
This works because the sender address is part of the data within the message.
This system relies on very well-known technology.
This can be used to misdirect vehicles that rely on GPS.
Such an attack was the suspected cause behind the Iranian capture of a US UAV.
A team of engineering students also demonstrated the viability of this attack against a luxury yacht.
However, they were on board and had permission.
This attack vector also poses a risk to autonomous vehicles.
Voice and Video
Since the invention of text-to-speech algorithms, voice spoofing has been a possibility.
However, this balance has changed with the proliferation of machine learning algorithms.
The process also works for still images and even video.
This class of spoofing is known as deepfakes.
It has been used to attribute legitimate-looking fake quotes to geopolitical leaders to damage their reputations.
The technology is also broadly used in harassment campaigns, primarily against women.
Relatively high-quality results can be obtained with commercially available hardware and minimal time and effort.
More advanced spoofed content with few flaws could be made relatively quickly by a determined and well-resourced attacker.
Motivations can vary, with financial gain, political humiliation of a rival, and harassment being typical.
The exact method varies depending on the protocol and platform used.
Spoofing can be hard to design against, as any attacker-controlled system can simply ignore any protections.