Blog.Telekom

DT Security Testing Team

The chatbot as exploit

Before others can find it: Penetration tests and source code analyses make an essential contribution to IT security. For example, if serious security gaps are found and closed as a result. As in this case.

Deutsche Telekom Security Testing Team

Deutsche Telekom Security Testing Team. © Generated by Dall-E for Deutsche Telekom AG

Attackers take over company systems with the help of the "new kid in the customer support"? You don't want to read such headlines and we have made sure that it doesn't happen in the first place. We, that is the Security Testing Team of Deutsche Telekom, and the support’s newcomer is the chatbot in many companies. 

They can be found there - but also in more and more areas - and are enjoying increasing popularity. Chatbots help in natural language, are available around the clock and are cheaper than a call center team, for example. Today, they are based on artificial intelligence (AI), which is on everyone's lips right now. But with every new, networked technology, the attack surface of digital technology grows. And the number of possible vulnerabilities that can be used as a door to networked systems is also increasing. 

As the Security Testing Team, we found such a solution in a product from Rasa at the beginning of 2025. You can use it to build these popular chatbots. In so-called penetration tests, we first identified this vulnerability in Rasa. Then we sounded out the criticality and determined how far we can go thanks to the vulnerability. In fact, we were even able to take over a system completely. To do this, we have combined techniques from the areas of penetration testing and source code analysis. 

When we talk about artificial intelligence in relation to chatbots, we are talking about the large AI language models (LLM). They specialize in finding the right answer to a specific question. In the case of Rasa, the model consists of several parts, each of which is active at different points in a system architecture. Some of these components were vulnerable to the so-called deserialization attack. As a result, attackers who gain access to certain data streams can execute lines of code on the system server. 

Rasa allows users to access it remotely via an interface. In this way, it was possible to exchange the model and thus execute code on the server. This is referred to as remote code execution (RCE). This allows an attacker to take over a system completely. 

But we didn't just explore the weaknesses of the product. We also thought about how to fix them. By exchanging the functions, the data load from components of the model on the one hand. And on the other hand, by unsing libraries that do not allow deserialization attacks. 

From these detailed analyses, the Security Testing Team at Telekom Security has developed a proof of concept (PoC). We immediately made this available to Rasa. As part of the so-called "Responsible Disclosure" principle, we discussed possible solutions with the manufacturer. After Rasa confirmed and fixed the vulnerability, the Security Testing Team verified the effectiveness of the patch. Afterwards, the patches were released by Rasa. 

This is an excellent example of how penetration tests and source code analyses make an essential contribution to IT security for everyone. We also carry out penetration tests on behalf of our customers. For example, before the market launch of a product. 

More technical details about this vulnerability and a technical description of how it was found and how the PoC was developed can be found here.
 

A package lies in front of the entrance door

Blog.Telekom

TR4xx@DTSecurity

0 Comments

Security: Moqhao masters new tricks

News from the Moqhao malware family. It attacks Android smartphones and has now even learned to overcome CAPTCHA.

FAQ

Cookies and similar technologies

We use cookies and similar technologies on our website to save, read out and process information on your device. In doing so, we enhance your experience, analyze site traffic, and show you content and ads that interest you. User profiles are created across websites and devices for this purpose. Our partners use these technologies as well.


By selecting “Only Required”, you only accept cookies that make our website function properly. “Accept All” means that you allow access to information on your device and the use of all cookies for analytics and marketing purposes by Deutsche Telekom AG and our partners. Your data might then be transferred to countries outside the European Union where we cannot ensure the same level of data protection as in the EU (see Art. 49 (1) a GDPR). Under “Settings”, you can specify everything in detail and change your consent at any time.


Find more information in the Privacy Policy and Partner List.