
Chatbots are the next big cybercrime target

Chatbots are all the rage these days. And it’s no surprise, as they offer a method of frictionless, natural conversation between a brand and its customers, as well as the ability to improve the customer service experience without the need to augment expensive department staffs.

At this point in time, while the “chat” part of the chatbot interaction may seem superficial, the seamless and ubiquitous interface promises to disrupt a range of technologies including search engines, social networking, customer relationship management and application development. Consumers are already using chatbots with platforms like Facebook Messenger and WhatsApp, and companies big and small are jumping on the chatbot bandwagon, rolling out functionality in their enterprise messaging apps.

Currently, the majority of questions being asked by companies about chatbots revolve around consumer adoption, such as whether chatbots meet consumers' demands and expectations. However, businesses aren’t as focused on one of the most important aspects of the technology: security. As chatbots grow in popularity and more people use them across a variety of business sectors, they will increasingly be misused by cybercriminals looking to make a little money or flaunt their skills to lay claim to an “impressive” hack. Modern fraudsters are incredibly inventive and utilize all technology available depending on the exact case.

Cybercriminals have a lot to gain from hacking into chatbots. For example, a consumer may use them to share their credit card information with merchants, or an employee might consume and upload confidential business information. Valuable, confidential data is being exchanged across bot platforms all of the time, and hackers know this. In order to prevent damaging attacks that exploit chatbot infrastructures and can impact consumer and enterprise confidence, steps should be taken to make security priority number one.

Before jumping on the chatbot bandwagon

So what goes into securing chatbots? The real issue here is less about the chatbot phenomenon and more about security issues in the technology, network or platform utilized to run them. At the end of the day, a bot is just another piece of technology within the fraudster’s attack vector. It’s part of the network or platform they can already exploit.

Security needs to play a larger role on the platforms that host chatbots. It is everyone’s responsibility within the infrastructure value chain to do this, from brands like Facebook and WhatsApp, to an enterprise’s IT networks and the networks that we use to access bots.

Chatbot security = mobile network security

Perhaps somewhat surprisingly, mobile network operators are a key player in this. They can provide network reliability, global interoperability, and service ubiquity, so it’s no wonder that many chatbots are built to be accessed via mobile phones, whether they belong to Facebook, a financial institution, or even the mobile operator itself.

Mobile users put a large amount of trust in their chosen operator network, yet mobile cybercrime is rife and growing more than the general public realizes. This new threat of yet more potential attacks on their networks and their customers is even more reason for operators to take heed and do all they can now to ensure their networks are better safeguarded, not least to protect themselves from dissatisfied customers and the resulting revenue leakage.

For example, there has been a well-known voicemail spam problem in the U.S. which appears to be generated by chatbots, but the underlying issue is that the network and infrastructure allow this bot to be compromised.

Another example of bot vulnerabilities came in the form of experts recently managing to take over a phone where they could intercept and redirect any call to that subscriber in the system. These calls could be redirected to a bot where hackers can fake a voicemail system or, instead of a silent call termination and interception, create a phishing scam. This would be especially damaging if the target number belonged to a financial institution where sensitive financial details were being discussed or a seemingly innocent yet malicious link was shared.

Plan of action

The question you might ask is: what are the security options for this emerging tech? Here are two immediate fixes.

1. Maintain a strong back-end infrastructure

In order to keep networks clean and safeguarded from the constant barrage of cybercriminals’ assaults, mobile operators must maintain a bullet-proof back-end infrastructure. Mobile operators need comprehensive network management and access, so they can control what type of traffic is acceptable and what is fraudulent.

2. Close SS7 Loopholes

Signaling System No. 7, or SS7, is the central nervous system of a mobile operator’s network; however, mobile operators have come to realize that the networks they used to transport messages, including those from chatbots, as well as connect subscribers’ calls weren’t nearly as secure as they thought they were. Traditional IP firewall protection methods are not sufficient to detect and resolve the large majority of SS7 vulnerabilities. Instead, a comprehensive, purpose-built SS7 firewall is required.

While chatbots present exciting opportunities for mobile operators, enterprises and consumers alike, they are unfortunately a ticking time bomb for opportunistic fraudsters to exploit. While mobile operators are in a position to play their part and act quickly before it escalates to a mainstream issue, it is everyone’s responsibility in the value chain to ensure secure technologies, networks and platforms are being used and safeguarded. It is also down to consumers to be vigilant and ensure they don’t fall victim to a friendly chatbot being exploited by a fraudster lurking in the network, who views chatbots as their new number one target.
