- Pen Test Partners found flaws in Eurostar’s AI chatbot, including weak validation and HTML injection
- Eurostar says customer data was never at risk; The vulnerabilities have since been mitigated.
- Palo Alto Warns Rapid AI Adoption Expands Cloud Attack Surfaces Through Misconfigurations and Non-Human Identities
Eurostar’s recently introduced AI-powered customer service chatbot was hit by cybersecurity vulnerabilities that opened the doors to a multitude of potential risks, experts have warned.
Researchers at Pen Test Partners found that the chatbot correctly validated only the most recent messages in a conversation, meaning that older messages could be modified to contain a malicious message. That message could be virtually anything, from revealing system information to (possibly) extracting sensitive customer data.
Fortunately, Eurostar did not connect its customer information database to the chatbot, so at the time of discovery, there was no direct risk of data leakage.
“Customers were never at risk”
Experts discovered that there were also other weaknesses in the system, including conversation and message IDs that were not properly verified, or an HTML injection flaw that allows JavaScript to be executed directly in the chat window.
The Pen Test Partners appear to be the first to discover these vulnerabilities: “There was no attempt to access the conversations or personal data of other users,” the researchers explained. “But the same design weaknesses could become much more serious as chatbot functionality expands.”
Eurostar emphasized that customer data was never at risk, saying AM City: “The chatbot had no access to other systems and, more importantly, no sensitive customer data was at risk. All data is protected through the customer login.”
Many companies are rushing to implement AI tools; However, rapid enterprise adoption is significantly expanding cloud attack surfaces and putting businesses at greater risk than ever.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
