Hacking humans with IoT? It is happening now and will only scale. The rapid evolution of AI technologies, mass development and production of IoT equipment which is interconnected and can be orchestrated on backend by massive AI platforms which are sourcing, processing and cross-correlating personal and sensitive data completely changes human vs computer paradigm. No chip implant is needed to control a human, unlike it may be commonly believed. As long as enough biometric and behavioral information is collected on human beings, they and their social contacts can be completely manipulated in predictable manner. The environment of connected society is a perfect stage, where the humans are exposing their harvestable biometric and behavior profiles, by publishing content in social media or giving up the IoT devices around the things which they are reluctant to share with their closest friends. This is the new battle ground where our digital identities are appearing and exposing our strengths and weaknesses at the same time. Those identities can be created, stolen, or replicated without our consent by criminals and state sponsored actors, appear in the places we are not aware, and leveraged to target our digital presence and physical life.

By connecting the dots between generative AI, predatory advertisement companies, biometric data harvesting and Human - IoT interactions – we demonstrate the significant expansion of the attack surface against humans and social groups. Disinformation, public opinion manipulation, virtual kidnapping, exploitation of human digital identities are the fruits of the same tree. The data collected and processed in the IoT based smart environments is a gold mine for criminals and state sponsored actors to manipulate humans the way and at the scale which was impossible before.

The presentation is focusing on the attack scenarios and case studies of targeted individuals, social groups that we either have observed or to observe in the wild, including election campaigns in social media, assets take over, extortion. The consequences of attacks lead to behavior changes and actions in both, physical and digital world including changing the decisions, social engineering, exfiltration of sensitive information, choosing most vulnerable targets to attack high security environments, swaying opinions, affecting elections and other critical events, that may change the history. We will also cover both, defense options and choke points related to the expanded attack surface.