Chatbots Are Here To Stay
Security Risks, Threats, and Vulnerabilities
The words risk, threat, and vulnerability are often confused or used interchangeably when reading about computer security, so let’s first clarify the terminology:
- Vulnerability refers to a weakness in your software (or hardware, or in your processes, or anything related). In other words, it’s a way hackers could find their way into and exploit your systems.
- A threat exploits a vulnerability and can cause loss, damage, or destruction of an asset – threats exploit vulnerabilities.
- Risk refers to the potential for lost, damaged, or destroyed assets – threats + vulnerability = risk!
Vulnerability 1: XSS – Cross-Site Scripting
A typical implementation of a chatbot user interface:
- There is a chat window with an input box.
- Everything the user enters in the input box is mirrored in the chat window.
- The chatbot's response is shown in the chat window.
The XSS vulnerability is in the second step: when the user enters text that includes malicious JavaScript code, the XSS attack succeeds once the web browser runs the injected code:
<script>alert(document.cookie)</script>
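The mirroring step described above, shown as an added example that is not code from the original article: a renderer that copies user text into the chat window markup unchanged, beside a version that escapes it first. The function names, the sender allow-list, and the `msg` markup are assumptions made for illustration.

```javascript
// Input string taken from the article's example above.
const PAGE_PAYLOAD = '<script>alert(document.cookie)</script>';

// Vulnerable: the user's text is concatenated into the markup unchanged,
// so any tags it contains become part of the page.
function renderMessageUnsafe(sender, text) {
  return '<div class="msg ' + sender + '">' + text + '</div>';
}

// Characters that change meaning in HTML text or quoted attribute values.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Single-pass replacement, so an already-escaped '&' is not escaped twice
// within one call.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical allow-list: the sender value ends up in a class attribute,
// so it is restricted to known values instead of being escaped.
const ALLOWED_SENDERS = new Set(['user', 'bot']);

// Hardened: the text is escaped, so the browser displays it as characters
// and does not parse it as markup.
function renderMessageSafe(sender, text) {
  if (!ALLOWED_SENDERS.has(sender)) {
    throw new Error('unknown sender: ' + sender);
  }
  return '<div class="msg ' + sender + '">' + escapeHtml(text) + '</div>';
}

// DOM variant for code that runs in the browser: textContent stores the
// string as a text node, so no HTML parsing happens at all.
function appendMessage(chatWindow, sender, text) {
  if (!ALLOWED_SENDERS.has(sender)) {
    throw new Error('unknown sender: ' + sender);
  }
  const node = chatWindow.ownerDocument.createElement('div');
  node.className = 'msg ' + sender;
  node.textContent = text;
  chatWindow.appendChild(node);
  return node;
}
```

The same escaping applies to the chatbot's replies, since a reply that quotes the user's text passes through the same chat window.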
Possible Attack Vector
To exploit an XSS vulnerability, the attacker has to trick the victim into sending malicious input text. This can be done in one of the following ways: