Critical Copilot vulnerability allowed hackers to seal 2FA code from users
Summary
Microsoft fixed a serious security problem in its M365 Copilot AI tool that let hackers steal two-factor authentication (2FA) codes and other sensitive email data. The flaw happened because the AI could not tell the difference between safe instructions and harmful hidden commands, letting attackers trick it into sending private information.Key Facts
- Microsoft patched a critical vulnerability in its M365 Copilot AI platform last Tuesday.
- The flaw allowed hackers to use specially crafted links to trick Copilot into accessing and leaking 2FA codes and email data.
- The attack used a technique called Parameter-to-Prompt Injection, where malicious commands are placed in URLs sent to the user.
- By clicking a link in an email, the victim unknowingly triggered Copilot to search their emails and embed secret data into image links, which were sent to attackers.
- Copilot has protections (guardrails) to stop sending data to untrusted sites, but these protections can be bypassed during the AI’s response streaming phase.
- Hackers exploited the way Copilot generates HTML responses temporarily in the browser before protections activate, allowing data to be sent out early.
- Microsoft’s Bing search engine was used as an intermediate step to bypass request restrictions.
- This vulnerability shows challenges in securing AI systems that automatically handle user data and instructions from third-party content.
Read the Full Article
This is a fact-based summary from The Actual News. Click below to read the complete story directly from the original source.