December 14, 2016

Should we worry about chatbots?

Markus Melin

Head of Tieto Security Services, Tieto

2016 was the year that introduced chatbots to the general audience. You know: the AI powered services that you interact with using a chat interface.

In April, Facebook opened Messenger for chatbot app developers. Millions of people already chat with Xiaoice on the Chinese micro-blogging service Weibo. Some are already arguing that, for rather obvious reasons, chatbots are here to stay.

For individuals, chatbots offer nice treats. If it’s possible to check the weather broadcast, ask questions from the president of the US or order food without leaving Messenger or Slack, why shouldn’t you? I’m pretty sure many people are already annoyed with the swarm of different apps and not that eager to download more for their device.  

So, the more services you can use on one platform without leaving the app, the merrier, right?

I wouldn’t want to be a spoilsport but there are also looming threats that can’t be set aside.

First, there is the developer side. There is the risk that because of a bug or wicked intention the chatbot opens access for felons.

Think about it for a moment. If the bot is approved and installed to the application, it is inside the system. If there is a backdoor that hasn’t been noticed in security auditing, you are in big trouble.

The felons can do their harm much easier when they are inside than working from the outside. They'll be able to look for credit card details and other private information or take over the data and lock it for ransom.

Second, there is the human factor that we’ve discussed also before. When it comes to boring stuff like cyber security (who always reads the Terms and Conditions documents, raise your hand, please?), consumers tend to be lazy and trustful.

This is especially true with new shiny things. We humans are not that cautious creatures like rats: it just is in our nature to marvel and get excited with new things.

We are living in an uneasy period before chatbots become as common as emails. The majority of people are now able to detect phishing emails and avoid clicking those dangerous links. It takes time to reach this level of general awareness with chatbots. We don’t yet have the common sense or intel to distinguish a trustworthy bot from a shady one.

So what can you do to detect criminal chatbots? I’ll discuss this in future blogs.

Read more how Tieto Security Services can help you manage your online security.

Stay up-to-date

Get all the latest blogs sent you now!