OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL. According to the researcher who discovered the flaw, the mitigation isn't perfect, so attackers can still exploit it under certain conditions.
The safety checks are yet to be implemented in the iOS mobile app for ChatGPT, so the risk on that platform remains unaddressed.
Security researcher Johann Rehberger discovered a technique to exfiltrate data from ChatGPT and reported it to OpenAI in April 2023.
In November 2023, the researcher shared additional information on creating malicious GPTs that leverage the flaw to phish users.
Hence it seems best to share this with the public to raise awareness.
The data theft involves image markdown rendering and prompt injection, so the attack requires the victim to submit a malicious prompt that the attacker directly supplied or posted somewhere for victims to discover and use.
A malicious GPT can also be used, as Rehberger demonstrated, and users of that GPT wouldn't realize that their conversation details, along with metadata and technical data, are being exfiltrated to third parties.
After Rehberger publicized the flaw details on his blog, OpenAI responded to the situation and implemented client-side checks performed via a call to a validation API to prevent images from unsafe URLs from rendering.
The researcher notes that in some cases, ChatGPT still renders requests to arbitrary domains, so the attack could still work sometimes, with discrepancies observed even when testing the same domain.
Since specific details on the check that determines if a URL is safe are unknown, there's no way to know the exact cause of these discrepancies.
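One way a client could gate image rendering in model output, shown as an added example that is not from the original article and is not OpenAI's validation check (whose logic is not public). The allowlist, host names and sample text are constructed assumptions.

```javascript
// Added example: allowlist gate for markdown images in model output.
// ALLOWED_IMAGE_HOSTS and every URL below are constructed assumptions.
const ALLOWED_IMAGE_HOSTS = new Set(["images.example.com"]);

// Matches inline markdown images: ![alt](url "optional title")
const IMAGE_MD = /!\[([^\]]*)\]\(\s*<?([^)\s>]+)>?(?:\s+"[^"]*")?\s*\)/g;

function isSafeImageUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return false; // relative or malformed URLs are not rendered
  }
  if (url.protocol !== "https:") return false;
  if (url.username || url.password) return false; // host hidden behind userinfo
  // Exact host match only: suffix or substring matching would accept
  // look-alike hosts such as images.example.com.untrusted.example.
  return ALLOWED_IMAGE_HOSTS.has(url.hostname.toLowerCase());
}

// Replace images from non-allowlisted hosts with inert text so the client
// never issues the request, and return the blocked URLs for logging.
function sanitizeModelOutput(markdown) {
  const blocked = [];
  const text = markdown.replace(IMAGE_MD, (match, alt, url) => {
    if (isSafeImageUrl(url)) return match;
    blocked.push(url);
    return `[image blocked: ${alt || "untitled"}]`;
  });
  return { text, blocked };
}

// Constructed sample of model output (not captured from ChatGPT).
const SAMPLE_OUTPUT =
  "Summary ![chart](https://images.example.com/a.png) and " +
  "![s](https://untrusted.example/p.png?d=constructed-summary)";

console.log(sanitizeModelOutput(SAMPLE_OUTPUT));
```

A production client would apply the same check inside the markdown renderer itself, so that reference-style and raw HTML images are covered as well.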
It's noted that exploiting the flaw is now noisier, has data transfer rate limitations, and works a lot slower.
It is also mentioned that the client-side validation call has yet to be implemented on the iOS mobile app, so the attack remains 100% unmitigated there.
It is also unclear whether the fix was rolled out to the ChatGPT Android app, which counts over 10 million downloads on Google Play.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 21 Dec 2023 16:45:14 +0000