CometJacking Chaos: The Unaddressed Threat Lurking in AI Browsers
CometJacking is the latest cosmic caper in cybersecurity, exploiting URL parameters to send secret instructions to Comet AI. With no need for credentials or user interaction, attackers can hitch a ride on a malicious URL, potentially pilfering sensitive data from connected services. Yet, Perplexity seems unconvinced, marking the threat as “not applicable.”

Hot Take:
It looks like CometJacking is the latest sexy attack on the block, seducing unsuspecting users with all the charm of a phishing email wrapped in a seemingly harmless URL. While Perplexity’s AI browser might be roaming the web like a digital cowboy, it seems to have a slight hitch in its protective giddy-up. Who knew a little ‘prompt’ could lead to such an ‘impactful’ rendezvous with your sensitive data? Meanwhile, Perplexity’s nonchalant shrug in response to this news is the cybersecurity equivalent of saying, “Oh la la, c’est la vie!”
Key Points:
- CometJacking exploits URL parameters to pass hidden instructions to the Comet AI browser.
- Attackers can access sensitive data from connected services without user interaction.
- LayerX researchers discovered the vulnerability, but Perplexity marked it as “not applicable.”
- The attack uses prompt injection via the ‘collection’ parameter of the URL.
- Guardio Labs notes Comet’s security gaps, but its adoption is still increasing.