The use of ChatGPT plugins has gained a lot of prominence as of late because of the fact that this is the sort of thing that could potentially end up allowing the LLM chatbot to interact with third party programs and services. These interactions can give it more functionality than might have been the case otherwise, but this type of usage might come at a heavy cost. To put it plainly, such plugins have exhibited an increased level of susceptibility to cyberattacks.
With all of that having been said and now out of the way, it is important to note that this information is based on research that was recently conducted by Salt Labs. The study revealed three flaws, one of which was found in ChatGPT itself, with another having to do with PluginLab and a third with OAuth.
The main issue here is the exchange of third party data between apps. This essentially creates an opening for malicious actors to infect the system with malware or to launch various other cyberattacks with all things having been considered and taken into account.
As far as the ChatGPT vulnerability is concerned, it involved a redirect to a third party site where the user received an access code approved by the owner of the plugin in question. This code allows the user to install the plugin and interact with ChatGPT accordingly, but malicious actors are able to circumvent this process and replace the code with one belonging to a malicious plugin.
Once this is done, the malicious actor can upload their credentials to the user’s account and intercept any messages the user sends to ChatGPT. Considering the sensitive data that some users might be sending to ChatGPT, one can imagine how much harm this has the potential to end up causing.
At the end of the day, more work needs to be done for the purposes of securing plugins. People are going to continue using them at this current point in time, and as a result of the fact that this is the case, security should be taken much more seriously down the line.
Image: DIW-AIgen
Read next: TikTok Just Launched Creator Search Insights for Trending Topics
With all of that having been said and now out of the way, it is important to note that this information is based on research that was recently conducted by Salt Labs. The study revealed three flaws, one of which was found in ChatGPT itself, with another having to do with PluginLab and a third with OAuth.
The main issue here is the exchange of third party data between apps. This essentially creates an opening for malicious actors to infect the system with malware or to launch various other cyberattacks with all things having been considered and taken into account.
As far as the ChatGPT vulnerability is concerned, it involved a redirect to a third party site where the user received an access code approved by the owner of the plugin in question. This code allows the user to install the plugin and interact with ChatGPT accordingly, but malicious actors are able to circumvent this process and replace the code with one belonging to a malicious plugin.
Once this is done, the malicious actor can upload their credentials to the user’s account and intercept any messages the user sends to ChatGPT. Considering the sensitive data that some users might be sending to ChatGPT, one can imagine how much harm this has the potential to end up causing.
At the end of the day, more work needs to be done for the purposes of securing plugins. People are going to continue using them at this current point in time, and as a result of the fact that this is the case, security should be taken much more seriously down the line.
Image: DIW-AIgen
Read next: TikTok Just Launched Creator Search Insights for Trending Topics
