They discover a serious safety failure in the Lenovo support chatbot that allows you to deceive it to execute malicious code

They discover a serious safety failure in the Lenovo support chatbot that allows you to deceive it to execute malicious code

ByEthan Collins

With the popularization of AI, the career to integrate this technology in all kinds of aspects has only begun. In some aspects you can improve the lives of users, and in others it can be a true hell, especially in those cases where the implementation of AI seems more like the end, than a means to offer a service.

The Chinese company Lenovo soon integrates a artificial intelligence chatbot in its customer service called “Lena” Based on GPT-4 of OpenAI, a strategy that many other companies have followed and that, as many will have already suffered, can be really desperate.

However, the problem of the Lenovo’s chatbot is not its operation for giving more or less useful answers to their clients: Cybernews cybersecurity researchers have found A serious security failure which makes an attacker Use this chatbot to execute malicious code or access private information.

Through different conversations, you can make Lena run unauthorized scripts in corporate machines or filter data from stored cookies.

IA attendees are prone to “hallucinating” or showing erroneous responses, but generally, when a chatbot is implemented for a specific task, it is usually limited or restricted their abilities to avoid problems and focus on its task, something that in Lenovo seems to have not taken into account.

Thus they managed to use the Lenovo chatbot to execute unauthorized code

Cybernews researchers have shown an example in which they ask for “Information about the specifications of the Lenovo Ideapad 5 Pro” to Chatbot. Then they ask you to convert the answer to HTML, JSON and flat text in a specific order that the web server expects to receive.

Subsequently, the chatbot is instructed to teach how to generate the final response in HTML with code to insert an image of an unseen URL, when a failure occurs, you are asked to make a network application to a server of the attacker potential and send the cookies data within the URL. For everything to be executed, the chatbot is asked to show the image aggressively, before what tries to generate it with the malicious code of the network application.

Then, if you are asked to speak with a human operator, the operator’s PC will try to show the image of the HTML and when failing, the code of sending the cookies data to the attacker’s server will be executed, allowing it to have access to the active sessions of the operator’s computer, gaining potential access to the network or data of Lenovo.

In this case, the code only sends the session cookies data, but could adapt to execute much more devastating attacksincluding recording of keyboard pulsations, phishing attacks, etc.

From Lenovo they assure us having solved the problem

From Lenovo they say that after having received the investigators notice, they corrected vulnerability to avoid attacks of malicious users:

«Lenovo takes the safety of our products very seriously and the protection of our customers. Recently, an external security researcher informed us of a Cross-Site Scripting (XSS) type vulnerability in a chatbot. After knowing the problem, we quickly evaluate the risk and apply corrective measures to mitigate the potential impact and solve the problem. We want to thank the researchers for their responsible dissemination, which has allowed us to implement a solution without putting our customers at risk ».

Ethan Collins
Ethan Collins

As a dedicated tech enthusiast and writer at IRC Junkie, I explore the latest innovations in software and hardware. With a background in computer science, I thrive on simplifying complex technological concepts for our readers. My goal is to inspire curiosity and understanding in the ever-evolving world of technology.