Christian DeHoyos & Stephen Singam

Unmasking Chatbots: Hacking API Interfaces and Countermeasures

A chatbot is an interactive chat robot, based on artificial intelligence, that is designed to simulate human conversation. The chatbot market is predicted to expand at an incredibly high CAGR of 27.8% in terms of revenue over the forecast period from 2016 to 2024 (Transparency Market Research). Lloyds Banking Group, Royal Bank of Scotland, Renault and Citroën are now using automated online assistants instead of call centers staffed by humans. APIs are the glue that holds chatbots together: chatbots are entirely API- and event-driven, which removes the need for a CSS-based interface, eases the integration of services such as NLP and stacks like AWS<>MongoDB<>salesforce<>Slack, and enables Monitoring, Testing, and Security. And did we say, Security?!

In this presentation, we will demonstrate how to hack chatbot APIs, exploit them to cause privacy data breaches, and even mount DDoS attacks using the exploited API endpoints.
We close the presentation with some practical countermeasures, such as proper encryption key management practices, addressing business logic flaws, and securely hardening API endpoints.

Biography

Christian DeHoyos
Christian currently works with Distil Network customers to shore up application defenses against sophisticated automated attacks. Before that, Christian worked at Mojo Networks, a company that prevents wireless-based network attacks for customers like K-Swiss and the city of Castle Rock. Outside of work, Christian is an active volunteer in the San Francisco chapter of OWASP. He spends his weekends working towards his OSCP certification and preparing for his first triathlon.

Stephen Singam
Stephen is an Information Security & Technology Management professional with extensive experience in the Financial Services, Startups, Media & Entertainment, and Cybersecurity Consulting industries, gained at HP, Commonwealth Bank of Australia, 20th Century Fox, Salesforce.com, IBM Corp and Nokia.