Edu, J; Mulligan, C; Pierazzi, F; Polakis, J; Suarez-Tangil, G; Such, J; (2022) Exploring the Security and Privacy Risks of Chatbots in Messaging Services. In: Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC. (pp. pp. 581-588). Association for computering Machinery (ACM): Nice, Fance.

Preview

Text Polly_Discord.pdf - Accepted Version Download (908kB) | Preview

Abstract

The unprecedented adoption of messaging platforms for work and recreation has made it an attractive target for malicious actors. In this context, third-party apps (so-called chatbots) offer a variety of attractive functionalities that support the experience in large channels. Unfortunately, under the current permission and deployment models, chatbots in messaging systems could steal information from channels without the victim’s awareness. In this paper, we propose a methodology that incorporates static and dynamic analysis for automatically assessing security and privacy issues in messaging platform chatbots. We also provide preliminary findings from the popular Discord platform that highlight the risks that chatbots pose to users. Unlike other popular platforms like Slack or MS Teams, Discord does not implement user-permission checks—a task entrusted to third-party developers. Among others, we find that 55% of chatbots from a leading Discord repository request the “administrator” permission, and only 4.35% of chatbots with permissions actually provide a privacy policy.

Downloads since deposit

Loading...

3Downloads

Download activity - last month

Export as XMLCSVJSON

Loading...

Download activity - last 12 months

Export as JSONCSVXML

Loading...

Downloads by country - last 12 months

Export as JSONCSVXML

Loading...

Archive Staff Only

View Item