Unmasking Chatbots: Hacking API Interfaces and Countermeasures presented at BSidesOrlando 2017

by Stephen Singam, Christian Dehoyos

Summary: A chatbot is an interactive chat robot based on artificial intelligence that is designed to simulate human conversation. The chatbot market is predicted to expand at an incredibly high CAGR of 27.8% in terms of revenue within a forecast period from 2016 to 2024 (Transparency Market Research). Lloyds Banking Group, Royal Bank of Scotland, Renault and Citroën are now using automated online assistants instead of call centers with humans. But APIs are the glue of chatbots: chatbots are entirely API- and event-driven, which negates the need for a CSS interface, facilitates ease of services' integration, including NLP and, for example, AWS<>MongoDB<>Salesforce<>Slack, and enables monitoring, testing, and security. And did we say security?!
In this presentation, we will demonstrate how to hack chatbot APIs to exploit privacy data breaches and even cause DDoS attacks using the exploited API endpoints.
And we close this presentation with some practical countermeasures, such as using proper encryption key management practices, addressing business logic flaws, and securely hardening API endpoints.