HackerOne 101: Grammarly Model Poisoning Attacks

KartikJha - Sep 15 - - Dev Community

Introduction

This is one of the first articles in a series of articles based on the hackerone bug bounty program by grammarly.

In this article we are going to get introduced to data poisoning attacks and will discuss label flipping with a working example on the grammarly APIs itself.

Model Poisoning

Model poisoning is a type of adversarial attack that targets machine learning models, particularly during their training phase. The goal of model poisoning is to subtly alter the model's behavior by introducing malicious data or manipulating the training process, causing the model to make incorrect predictions or behave in a way that benefits the attacker.

Label Flipping

This attack involves marking correct input with incorrect label and incorrect input with correct label so that the model starts giving wrong predictions

In the context of grammarly we will try to investigate the grammarly web app and APIs that power spelling correctness feature.

grammarly spelling correctness ui

The investigation

  1. Ruling out server side AI model support
  • Checked for activity in the network tab
  • Could only see logV2, events and authorization requests in the network logs

logV2

POST /logv2 HTTP/2
Host: f-log-editor.grammarly.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://app.grammarly.com/
Content-Type: application/json
Content-Length: 2914
Origin: https://app.grammarly.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
Enter fullscreen mode Exit fullscreen mode

This is probably a logging API sending user and user-agent related info on every page reload

events

curl 'https://gnar.grammarly.com/events' -X POST -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0' -H 'Accept: */*' -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate, br' -H 'Referer: https://app.grammarly.com/' -H 'Content-Type: application/json' -H 'Origin: https://app.grammarly.com' -H 'Connection: keep-alive' -H 'Cookie: grauth=AABN_y5k8nO1QVQ7lyDTKrp_68vQR2HUQFVp5r3NklXGkfJRIn2CJM1Hqn7WxAU1bhjxbJNgtpF_xPCi; csrf-token=AABN/9Bb12L12hlkibY1S8ONAetDOcsjuYIc5g; gnar_containerId=xjaj96uqklmu0902; _gcl_au=1.1.2013238534.1725196671; _ga_CBK9K2ZWWE=GS1.1.1725200925.2.0.1725200925.60.0.0; _ga=GA1.1.469893869.1725196671; _pin_unauth=dWlkPU4yTTRORFEzWVRrdFpXTmtNaTAwTkRKakxUazVaVGt0TkRFeVlUSTFZams1TVRrMQ; __podscribe_grammarly_referrer=https://www.google.com/; __podscribe_grammarly_landing_url=https://www.grammarly.com/ai-writing-assistant; __podscribe_did=pscrb_f542134c-de91-49e8-99de-dca7bab0e0cb; _tq_id.TV-7281365481-1.3988=69840ec454ed06bc.1725196672.0.1725200923..; _clck=1o62qwl%7C2%7Cfow%7C0%7C1705; _fbp=fb.1.1725196673331.19073762163984477; funnelType=free; tdi=tmwup2itzfdtt5czk; last_authn_event=666f04d3-a2ac-4b8a-b152-ff82465ee922; gac=AABN_0pbfOxu1yQOL6aAyc1jL4ELkaY4_eC9XZbBF3nANLbuz9K9n_TbuLizWGC1YPd60rEy2PrW7SJrVozu2REsn5a11gxzmUTEUuMiPCFpc3Yu; isGrammarlyUser=true; experiment_groups=gb_analytics_mvp_phase_one_30_day_enabled|auto_complete_correct_safari_enabled|extension_assistant_bundles_all_consumers_enabled|officeaddin_ue_exp3_enabled|fsrw_in_assistant_all_consumers_enabled|extension_new_rich_text_fields_enabled|safari_migration_inline_disabled_enabled|officeaddin_upgrade_state_exp1_enabled1|officeaddin_outcomes_ui_exp5_enabled1|premium_ungating_renewal_notification_enabled|kaza_security_hub_enabled|extension_assistant_all_consumers_enabled|quarantine_messages_enabled|small_hover_menus_existing_enabled|fsrw_in_assistant_all_enabled|emogenie_beta_enabled|gb_snippets_csv_upload_enabled|grammarly_web_ukraine_logo_dapi_enabled|extension_fluid_for_all_rollout_test_enabled|officeaddin_upgrade_state_exp2_enabled1|apply_formatting_all_enabled|gb_analytics_mvp_phase_one_enabled|wonderpass_enabled|extensionfrench rap songsfrench rap songs_assistant_experiment_all_enabled|apply_formatting_all_consumers_enabled|gdocs_for_all_safari_enabled|extension_assistant_all_enabled|safari_migration_backup_notif1_enabled|ipm_extension_release_test_1|auto_complete_correct_edge_enabled|snippets_in_ws_gate_enabled|extension_assistant_experiment_all_consumers_enabled|extension_assistant_bundles_all_enabled|safari_migration_popup_editor_disabled_enabled|officeaddin_proofit_exp3_enabled|safari_migration_inline_warning_enabled|gb_in_editor_free_Test1|gdocs_for_all_firefox_enabled|gdocs_new_mapping_enabled|officeaddin_muted_alerts_exp2_enabled1|officeaddin_perf_exp3_enabled|shared_workspaces_enabled; _rdt_uuid=1725196671125.3dfe8c32-2a63-4036-a141-50c3f417cb98; _uetvid=97301a70686411efbb3e2ddb14c6081b; _clsk=1yrnj8i%7C1725419260716%7C1%7C0%7Cz.clarity.ms%2Fcollect; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL2FwcC5ncmFtbWFybHkuY29tL2Rkb2NzLzI1Njg3MjI3NDcifQ==; browser_info=FIREFOX:117:COMPUTER:SUPPORTED:FREEMIUM:LINUX:LINUX' -H 'Sec-Fetch-Dest: empty' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Site: same-site' -H 'TE: trailers' --data-raw '{"events":[{"action":"show","eventName":"editor/assistant-lens-show","object":"lens","objectId":"assistant","lens":"all-suggestions","pageId":"document","client":"editor","clientVersion":"1.5.43-6200+master","instanceId":"0RGsM5vY","batchId":5,"containerId":"xjaj96uqklmu0902","userId":"2460910660","isTest":false,"userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0","screenWidth":1920,"screenHeight":1080,"containerWidth":612,"containerHeight":887,"devicePixelRatio":1}]}'
Enter fullscreen mode Exit fullscreen mode

This API also reports the current UI filters and userAgent details but also sends server side cookies for communication with podscribe

No data gets transported on repeated reload of the web page

All of the above was written around 27 August 2024, it was the last time I changed my root user password.

check last password update for a user

I updated the links today to the hackerone website and grammarly hackerone project, maybe they will expire in the coming future but the thrill of making money while exploring the interconnected products and their architecture is something that brings a smile on my face this Engineer's Day :).

Happy Engineer's Day

K

Image
How can I complain to Myntra online?
Image
Test Staging Consent Management Platforms (CMP) Scripts on Production
Image
User-Friendly Design and Navigation
Image
PostgREST 12.2: Prometheus metrics

webdev, programming, database, opensource
Image
How do I forward HTTP requests through a SOCKS5 proxy?

socks5, proxy, python, http
Image
Mastering URL Redirections with AWS CloudFront Functions

aws, webdev, seo, devops
Image
I AM SORRY.......

webdev, javascript, beginners, programming
Image
Essential Tips for Coding in Java

codeproject, java, javaprogram
Image
Build An Audio Transcriber and Analyzer using ToolJet and OpenAI🎙️

javascript, webdev, ai, programming
Image
Behind the Scenes: Implementing AI to Streamline Retrospectives

ai, atlassian, retrospective
Image
Progressive Web Apps: The Future of Web Development

pwa, javascript, programming, beginners
Image
DynamoDB vs MongoDB: A Detailed Comparison

dynamodb, mongodb
Image
What’s New in Next.js 15 RC?

react, development, web, whatsnew
Image
Insert Smoke Test Script on Production to Run Smoke Test on New Builds

smoketest
Image
What Is An AI Development Service? : Future Of Technology

webdev, programming, python, devops
Image
API Versioning at Monite

webdev, python, programming, opensource
Image
Hello everyone 👋

ai
Image
The Data Science Toolkit: Essential Tools for Every Data Scientist
Image
كيف تحصل على تأشيرة السعودية إلكترونيا؟
. . . .
Terabox Video Player