Vulnerability in Copilot exposed 2FA codes to hackers
Last Tuesday, Microsoft fixed a critical flaw in M365 Copilot that allowed hackers to access two-factor authentication (2FA) codes and other sensitive data. The flaw, revealed by researchers, showed that Copilot, like other language models, cannot differentiate legitimate commands from malicious instructions embedded in third-party content. This leaves companies reliant on complex, makeshift barriers to mitigate the risks of this vulnerability.
Copilot and other language models were designed not to submit forms or emails over the web, but hackers found ways around this using markup language. This technique allows formatting text without needing HTML tags, facilitating the capture of confidential data. One method involves wrapping sensitive data in HTML tags like <img> and <form>, causing a web request to hit the attacker's server, where the information is captured.
The trick that fooled Copilot
Varonis, a security firm, created an exploit chain that managed to bypass these barriers. The trick begins with a prompt parameter injection, where a malicious command is inserted into a URL parameter. Clicking a link instructs Copilot to fetch and extract information from the user's emails, embedding it into an image URL. Even with protections to wrap output in <code> blocks, the flaw occurs before this protection is triggered, allowing the request to already be sent.
Copilot does not send image requests to most sites, but the exploit used Bing as a stepping stone. Bing, being a trusted site, can send requests to attacker-controlled domains. Varonis named this technique SearchLeak. The primary target is corporate users, potentially exposing emails, meeting invites, and even SharePoint documents and OneDrive files.
The continuous cycle of vulnerabilities
Embora a Microsoft tenha corrigido as falhas exploradas pelo SearchLeak, a raiz do problema persiste. Sem uma solução definitiva para impedir que modelos de linguagem sigam instruções maliciosas, novos métodos de exploração inevitavelmente surgirão. Isso cria um ciclo contínuo de vulnerabilidades, onde as empresas precisam constantemente reforçar suas defesas.










Comments (0)
Comments are moderated and if they violate our Terms and Conditions of use, the comment will be deleted. Persistence in violation will result in a ban of your account.