Flaw in OpenClaw allows complete takeover of AI agent

"At the heart of the architecture is a local gateway that communicates via WebSockets and is bound to localhost by default. This gateway handles authentication, manages sessions, stores configurations, and controls connected nodes. These nodes can be other devices and have extensive capabilities, including executing system commands and accessing sensitive data. Security assumes that local traffic is trustworthy."
"OpenClaw is a self-hosted AI platform that has exploded in popularity in a short period of time. Within days, the project garnered over 100,000 stars on GitHub and became an integral part of the workflow for thousands of developers. The software runs locally on laptops and often has far-reaching access to messaging apps, calendars, development tools, and the underlying operating system."
"Browsers do not block WebSocket connections to localhost via cross-origin restrictions. As a result, JavaScript on a malicious website can connect to the local gateway, potentially allowing attackers to take control of the AI agent and its connected nodes without any user interaction or notification."
OpenClaw, a self-hosted AI platform that quickly gained over 100,000 GitHub stars, contained a severe vulnerability called ClawJacked, discovered by Oasis Security. The flaw exploited the local gateway architecture: the gateway communicates via WebSockets bound to localhost and handles authentication, sessions, and node control. Browsers' cross-origin restrictions do not block WebSocket connections to localhost, so JavaScript on a malicious website can connect to the gateway. This differs from previous supply chain attacks on ClawHub and affects standard installations. OpenClaw's autonomous capabilities across messaging apps, calendars, development tools, and operating systems made this vulnerability particularly dangerous. The developers released a security patch within 24 hours of discovery.
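Because the browser does not enforce cross-origin restrictions on WebSocket handshakes, a localhost gateway has to inspect the `Origin` header itself. The sketch below is an added example of that check for a Node.js `http.Server`; it is not OpenClaw's code or its patch, and the port, allowlist and function names are assumptions made for illustration.

```javascript
// Added example, not OpenClaw code. Port, allowlist and names are constructed.
const ALLOWED_ORIGINS = new Set(["http://127.0.0.1:8765", "http://localhost:8765"]);

// Decide whether a WebSocket handshake may proceed, from its request headers.
function checkOrigin(headers) {
  const origin = headers.origin; // Node lower-cases incoming header names
  if (origin === undefined) {
    // Native clients send no Origin; they still have to authenticate afterwards.
    return { allow: true, reason: "no Origin header (non-browser client)" };
  }
  let normalized;
  try {
    normalized = new URL(origin).origin; // throws on "null" and other junk
  } catch {
    return { allow: false, reason: "opaque or malformed Origin" };
  }
  return ALLOWED_ORIGINS.has(normalized)
    ? { allow: true, reason: "allowlisted Origin" }
    : { allow: false, reason: "cross-origin browser page" };
}

// Wire the check into an http.Server before any WebSocket library sees the socket.
function guardUpgrades(server, onAccepted) {
  server.on("upgrade", (req, socket, head) => {
    const verdict = checkOrigin(req.headers);
    if (!verdict.allow) {
      socket.write("HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n");
      socket.destroy();
      return;
    }
    onAccepted(req, socket, head); // hand off to the WebSocket implementation
  });
}

// Constructed handshake headers, as a browser or a native client would send them.
const SAMPLES = [
  { origin: "https://malicious.example" }, // page open in the user's browser
  { origin: "null" },                      // sandboxed iframe or file:// page
  { origin: "http://localhost:8765" },     // the gateway's own web UI
  {},                                      // CLI or node client
];
function classifySamples() {
  return SAMPLES.map((h) => checkOrigin(h).allow);
}
console.log(classifySamples());
```

The check only filters browser-initiated connections, since a browser always attaches `Origin` to a WebSocket handshake and page script cannot override it; it complements the gateway's authentication rather than replacing it.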
Read at Techzine Global