- IBM’s GenAI tool “Bob” vulnerable to rapid injection indirect attacks in beta testing
- CLI faces rapid injection risks; IDE exposed to AI-specific data exfiltration vectors
- The exploit requires “always allow” permissions, allowing the deployment of arbitrary shell scripts and malware.
IBM’s Generative Artificial Intelligence (GenAI) tool Bob is susceptible to the same dangerous attack vector as most other similar tools: immediate indirect injection.
Indirect notice injection occurs when the AI tool can read content found in other applications, such as email or calendar.
A malicious actor can then send a seemingly benign email, or calendar entry, that has a hidden message that instructs the tool to do nefarious things, such as exfiltrate data, download and run malware, or set persistence.
Risky permissions
Recently, security researchers Prompt Armor published a new report, stating that IBM’s encryption agent, which is currently in beta, can be accessed via CLI (a terminal-based encryption agent) or IDE (an AI-powered editor). CLI is vulnerable to fast injection, while IDE is vulnerable to “AI-specific known data leak vectors.”
“We have chosen to disclose this work publicly to ensure that users are informed of the serious risks of using the system before its full release,” they said. “We hope that more protections will be implemented to remedy these risks for the general access version of IBM Bob.”
However, there is an important caveat here. For attackers to take advantage of this attack vector, users must first configure Bob to grant him broad permissions. That is, the “always allow” permission must be enabled for any command.
That’s pretty difficult, even for the least security-conscious users. Since the tool is still in beta, we don’t know if that permission is enabled by default, but we doubt it is.
In any case, Prompt Armor says that the vulnerability allows threat actors to deliver an arbitrary shell script payload to the victim, leveraging known and custom malware variants to perform different cyber attacks, such as ransomware, credential theft, spyware, device takeover, botnet takeover, and more.
Through; Immediate armor
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
