Security vulnerabilities discovered in ChatGPT plugins, prompting patch rollouts

In a recent analysis conducted by API security firm Salt Security, vulnerabilities within ChatGPT plugins have been uncovered, potentially exposing users to security threats, including data breaches and account takeovers on third-party platforms.

 

ChatGPT plugins serve as gateways for users to access real-time information and integrate ChatGPT with various third-party services, such as GitHub and Google Drive. However, these plugins require permissions to transmit user data to associated websites and may necessitate access to the user’s account on the respective service.

 

Salt Security’s investigation revealed several vulnerabilities, with the first affecting ChatGPT directly in relation to OAuth authentication. Exploiting this flaw, attackers could deploy a malicious plugin with their credentials onto a victim’s account without confirmation. Consequently, any messages, potentially containing sensitive information, typed by the victim could be intercepted by the attacker.

 

The second vulnerability was detected within the AskTheCode plugin by PluginLab.AI, which is used for GitHub interaction. This security loophole could enable attackers to seize control of victims’ GitHub accounts and access their code repositories through a zero-click exploit.

 

Furthermore, Salt Security identified a third vulnerability, also tied to OAuth, impacting various plugins, with specific emphasis on the Charts plugin by Kesem AI. Through social engineering tactics, attackers could manipulate users into clicking on crafted links, facilitating the hijacking victims’ accounts associated with the plugin.

 

Following discovering these vulnerabilities in the summer of 2023, Salt Security promptly reported them to OpenAI, PluginLab.AI, and Kesem AI. Subsequently, vendors rolled out patches over the subsequent months to mitigate the risks.

 

At the time of Salt Security’s investigation, ChatGPT plugins were the primary method for enhancing functionality within the Language Learning Model (LLM). However, in November, OpenAI announced the introduction of customizable GPTs for paying customers, intended to supplant plugins and cater to specific topics or tasks.

 

Despite this transition, Salt Security warns of vulnerabilities in GPTs, with plans to disclose their findings in an upcoming blog post. Moreover, other researchers have identified methods to exploit GPTs, underscoring the ongoing need for robust security measures in AI-driven platforms.