Microsoft's AI healthcare bots might have some worrying security flaws

An abstract image of a lock against a digital background, denoting cybersecurity.
(Image Credit: TheDigitalArtist / Pixabay) (Image credit: Pixabay)

Microsoft’s AI-powered bots for the healthcare industry have been found to be vulnerable in a way that allowed threat actors to move across the target IT infrastructure, and even steal sensitive information. 

Cybersecurity researchers Tenable, who discovered the flaws and reported them to Microsoft, outlined how the flaws in Azure Health Bot Service enabled lateral movement throughout the network, and thus access to sensitive patient data. 

The Azure AI Health Bot Service is a tool enabling developers to build and deploy virtual health assistants, powered by artificial intelligence (AI). That way, healthcare orgs can cut down on cost and improve efficiency, without compromising on compliance. 

Data Connections

Generally speaking, digital assistants also work with plenty of sensitive information, which makes security and data integrity paramount. 

Tenable sought to analyze how the chatbot handles the workload, and found a few issues in a feature called “Data Connections”, designed to pull data from other services. The researchers pointed out that the tool does have built-in safeguards that block unauthorized access to internal APIs, but they managed to bypass them by issuing redirect responses while reconfiguring a data connection through a controlled external host. 

They set up the host to respond to requests with a 301 redirect response aimed at Azure’s metadata service (IMDS). That gave them access to a valid metadata response which, in turn, gave them an access token for management.azure.com. With the token, they were able to get a list of all the subscriptions it grants access to.

A few months ago, Tenable reported its findings to Microsoft, and soon after all regions were patched. There is no evidence the flaw was exploited in the wild, it added. 

"The vulnerabilities discussed....involve flaws in the underlying architecture of the AI chatbot service rather than the AI models themselves," the researchers noted, adding this, "highlights the continued importance of traditional web application and cloud security mechanisms in this new age of AI powered services."

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.