Title: Vulnerabilities exposed in KFC's AI recruitment system
Keywords: KFC, AI recruitment, system vulnerabilities
News content:
Recently, security expert MrBruh unexpectedly discovered a major vulnerability in the AI recruitment system used by fast-food chain KFC. Reportedly, the flaw not only allows applicant information to be stolen but also lets an attacker take control of the AI system and so hire or reject applicants to the restaurants.
MrBruh said he had written a script to scan for exposed Firebase credentials belonging to companies on the .ai TLD (Firebase is a backend platform commonly used by developers). Among the results he found a Firebase configuration related to KFC. Probing further, he found that he could access the administrator dashboard, which showed a list of organizations using Chattr and gave him the ability to accept or reject job applicants, as well as to issue refunds to Chattr.
KFC responded that Chattr works with only one KFC franchisee, but did not disclose details of the partnership. Chattr is understood to be a recruitment automation platform.
This incident has once again raised public concern about the security of AI systems. In the digital age, the security of personal information is increasingly important, and companies should strengthen the supervision and maintenance of AI systems to keep user information secure.
Source: https://www.ithome.com/0/744/789.htm