AI is supposed to make our lives easier, but a recent discovery has highlighted how it can be turned against us by opportunistic hackers.
AI tools are quickly becoming an everyday part of our lives. From drafting emails to creating complex Excel formulas in seconds, they promise to save us time and reduce our stress levels. A shining example of this is Claude, an AI assistant developed by Anthropic. When users install third-party Claude Desktop Extensions (DXT), Claude can connect to services such as messaging apps, cloud storage, and calendars through these high-privilege integrations.
However, as with any digital tool which starts to gain popularity, Claude is at risk of the attention of hackers. A team of security researchers has demonstrated that, using Claude, attackers could take advantage of an attack method known as prompt injection.
How Could Claude Be Used for Delivering Malware?
The problem with Claude is that it can easily be tricked into hidden (and malicious) instructions found in seemingly harmless content. For example, in a shared document or even an instant message, an attacker could deliver a set of specially tailored instructions which, to a human, looked harmless. However, deep within this text, there could also be lines of code designed to act as malicious commands for the AI assistant.
LayerX, an Israel-based security company, showed that a single malicious Google Calendar event could serve as an entry point for a zero-click remote code execution. LayerX created a calendar event which instructed Claude to access details from the user’s Google Calendar. As the extension runs with full system privileges, there was no need for popup prompts for access. Therefore, a victim would be none the wiser that anything nefarious was going on beneath the surface.
After this stealthy breach, Claude would be able to provide unauthorized access to a user’s Google Calendar. It’s likely that sensitive data – such as meeting titles, times, and participants – would then be harvested and transmitted to a remote server. It’s also possible that a malicious Google Calendar event could be used to download malware onto a victim’s PC. Therefore, an attacker could essentially turn a legitimately installed AI assistant into a powerful hacking weapon.
Strengthening the Security of AI Assistants
One of the bigger concerns about AI tools is that many users assume they can understand the same warning signs humans can. However, AI tools simply process information as it’s presented to them, hence the potential for danger. This is why it’s critical that you implement the following into your IT infrastructure:
- Limit AI Assistant Access: While your AI assistant will need access and privileges to some of your services, it won’t need access to all of them. Therefore, it’s crucial that you limit access, especially when it comes to services which can have powerful impacts on your systems.
- Be Cautious With Shared Files: You never know for certain where a shared file has come from, so you need to tread carefully when handling them. As we saw above, even a seemingly harmless Google Calendar entry can be used to compromise data. If in doubt about a file you’ve received, always run it by an IT professional.
- Regularly Review Permissions: To strengthen your defenses, it’s essential to regularly review the permissions and extensions across your systems. As your structure evolves, access rules can quickly become outdated. Keeping permissions up to date and limited is a straightforward way to reduce the risk of unauthorized access.
For more ways to secure and optimize your business technology, contact your local IT professionals.
