top of page

How Microsoft Copilot Got Hijacked

Introduction

Have you heard about the recently patched vulnerability in Microsoft 365 Copilot, which exposed sensitive data through a novel AI-enabled technique called “ASCII Smuggling?”

This technique uses special Unicode characters that resemble ASCII text but are invisible to the user interface, allowing attackers to embed malicious code within seemingly harmless text.

The recent ASCII Smuggling attack on Microsoft 365 Copilot demonstrates the increasing complexity of AI-driven cyber threats and the importance of robust security measures to protect sensitive data! Here’s what you need to know about the incident.

What Happened to Microsoft Copilot?

Microsoft Copilot is a generative AI chatbot developed to assist users in various tasks, from writing emails and creating presentations to summarizing documents and providing information. It also has a photo creation component that generates images based on your prompts, using artificial intelligence.

All that content means a broader attack surface for hackers to exploit!

Researcher Johann Rehberger, who has extensive experience at Microsoft, explained that the ASCII Smuggling enables attackers to make the large language model (LLM) render data invisible to the user interface and embed it with clickable hyperlinks containing malicious code. When users interact with these links, the hidden data can be exfiltrated to a third-party server, potentially compromising sensitive information such as multi-factor authentication (MFA) one-time-password codes.

ASCII Smuggling is a type of cyberattack where malicious attackers embed hidden, invisible characters within seemingly harmless text.

How it works:

  1. Unicode Tags Block: This block of Unicode characters contains characters that look identical to ASCII characters but have different underlying codes.  

  2. Embedding: Attackers carefully insert these Unicode characters into text, creating a hidden message that is not visible to the human eye.  

  3. Interpretation: When processed by a system or software that is not fully equipped to handle these special characters, the hidden message can be misinterpreted or executed, leading to malicious actions.

The attack involves several advanced techniques, starting with a prompt injection triggered by sharing a malicious document in a chat. Copilot is then manipulated to search for more sensitive data, and ASCII Smuggling is used to trick the user into clicking on an exfiltration link. This method highlights the evolving sophistication of AI-enabled attacks, where seemingly innocuous content can conceal malicious payloads capable of exfiltrating sensitive data.

Protecting Your AI Chats

Keeping Microsoft 365 software updated will help mitigate this risk and other zero-day attacks! He also advised users to exercise caution when interacting with links in documents and emails, especially those from unknown or untrusted sources. Regular monitoring of AI tools like Copilot for unusual behavior is essential to catch and respond to any suspicious activity quickly.

While it is unclear how exactly Microsoft fixed the vulnerability, their experts noted that the exploits built and shared with Microsoft in January and February no longer work, indicating that links are not rendered anymore. With all AI chatbots, however, prompt injection remains a potential threat.

This ASCII Smuggling technique underscores the need for advanced threat detection systems that can analyze content across multiple communication channels, including email, chat, and collaboration platforms. This approach is crucial for identifying and mitigating sophisticated AI-enabled attacks!

Conclusion

By understanding the mechanics of ASCII Smuggling and taking proactive measures, organizations can help protect themselves from this emerging threat.

You should also keep your systems and libraries up-to-date with the latest software updates, as this will best ensure that hackers cannot exploit zero-day vulnerabilities. Avoid suspicious links and attachments, and stay sharp about your incident response plan so you know where to report any suspicions you may have about the security of your data and systems.

Artificial intelligence is a great tool for creativity, simplifying work tasks, and even helping you out at home. We also have to be aware, however, that hackers always eventually find vulnerabilities in our tools and applications. Staying aware of their tricks and the defenses that security experts are developing to help, will equip you to recognize and stop attempted data breaches in their tracks! Cyber hygiene starts with you.

0 views0 comments

Comments


bottom of page