Encircle News!

Retro Game Arcade
, , ,

Microsoft’s AI healthcare bots might have some worrying security flaws

TechRadar – All the latest technology news

Microsoft’s AI-powered bots for the healthcare industry have been found to be vulnerable in a way that allowed threat actors to move across the target IT infrastructure, and even steal sensitive information. 

Cybersecurity researchers Tenable, who discovered the flaws and reported them to Microsoft, outlined how the flaws in Azure Health Bot Service enabled lateral movement throughout the network, and thus access to sensitive patient data. 

The Azure AI Health Bot Service is a tool enabling developers to build and deploy virtual health assistants, powered by artificial intelligence (AI). That way, healthcare orgs can cut down on cost and improve efficiency, without compromising on compliance. 

Data Connections

Generally speaking, digital assistants also work with plenty of sensitive information, which makes security and data integrity paramount. 

Tenable sought to analyze how the chatbot handles the workload, and found a few issues in a feature called “Data Connections”, designed to pull data from other services. The researchers pointed out that the tool does have built-in safeguards that block unauthorized access to internal APIs, but they managed to bypass them by issuing redirect responses while reconfiguring a data connection through a controlled external host. 

They set up the host to respond to requests with a 301 redirect response aimed at Azure’s metadata service (IMDS). That gave them access to a valid metadata response which, in turn, gave them an access token for management.azure.com. With the token, they were able to get a list of all the subscriptions it grants access to.

A few months ago, Tenable reported its findings to Microsoft, and soon after all regions were patched. There is no evidence the flaw was exploited in the wild, it added. 

“The vulnerabilities discussed….involve flaws in the underlying architecture of the AI chatbot service rather than the AI models themselves,” the researchers noted, adding this, “highlights the continued importance of traditional web application and cloud security mechanisms in this new age of AI powered services.”

More from TechRadar Pro

https://www.techradar.com/pro/security/microsofts-ai-healthcare-bots-might-have-some-worrying-security-flaws

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow Us

Featured Posts

August 2024
M T W T F S S
 1234
567891011
12131415161718
19202122232425
262728293031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 992: Why Not Pudding? – Google's Monopoly, Net Neutrality, AI Phishing This Week in Tech (Audio)

Former YouTube CEO Susan Wojcicki dies after 2 years with lung cancer Google (GOOGL) Loses DOJ Antitrust Suit Over Search Engine on Phone Browsers Will Google's historic monopoly lawsuit be the death knell for Mozilla and Firefox? Google pulls Olympics AI ad 'Dear Sydney' Brands should avoid this popular term. It's turning off customers US court blocks Biden administration net neutrality rules The KOSA Internet Censorship Bill Just Passed The Senate—It's Our Last Chance To Stop It Judge tosses challenge to Louisiana's age verification law aimed at porn websites CNET to Be Sold to Ziff Davis in Sign of Possible Media Deals to Come Intel announces two extra years of warranty amid chip crashing and instability issues — longer warranty applies to 13th- and 14th-Gen Core processors Canadian news engagement down significantly one year after Meta's ban: study Microsoft's AI Can Be Turned Into an Automated Phishing Machine 'The Godmother of AI' says California's well-intended AI bill will harm the U.S. ecosystem Scoop: X files antitrust lawsuit against ad industry group GARM Scientists Say Secret to Fusion May Lie in Hellmann's Mayonnaise Host: Leo Laporte Guests: Abrar Al-Heeti, Shoshana Weissmann, and Andrew Chow Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: ziprecruiter.com/twit mintmobile.com/twit bitwarden.com/twit expressvpn.com/twit NetSuite.com/TWIT
  1. TWiT 992: Why Not Pudding? – Google's Monopoly, Net Neutrality, AI Phishing
  2. TWiT 991: This Show Is Securities Fraud – Intel Layoffs, KOSA, Don Lemon
  3. TWiT 990: Dogecoin Fort Knox – AI Cheese, SearchGPT, "Free" Facebook
  4. TWiT 989: Executive Laundry Folding Disorder – Crowdstrike, Prime Day, Streaming the Olympics
  5. TWiT 988: Flaming Corn Maze – AT&T Breach, Galaxy Z Fold6, Olympic Disinfo