Hackers have been found to have the ability to read encrypted chats with AI assistants, according to researchers at Ben-Gurion University. This vulnerability affects cloud-based AI assistants such as Chat-GPT, allowing hackers to intercept and decrypt conversations between users and the AI assistants.
The research revealed that chatbots like Chat-GPT send responses in small tokens broken into parts to expedite the encryption process. However, this method makes it possible for hackers to intercept these tokens and analyze their length, size, and sequence to decrypt the responses.
Yisroel Mirsky, head of the Offensive AI Research Lab, highlighted the severity of the vulnerability, stating that anyone, including malicious actors on the same Wi-Fi network or the internet, can read private chats sent through ChatGPT and similar services without detection.
The researchers suggested two solutions to address this issue: either stop sending tokens individually or pad tokens to the maximum packet length to make them more difficult to analyze.
The vulnerability was confirmed across various platforms, including Microsoft Bing AI (Copilot) and OpenAI’s ChatGPT-4. The researchers successfully deciphered responses from multiple services by exploiting this vulnerability, indicating a widespread security concern in the AI assistant ecosystem.
By addressing these vulnerabilities in AI assistants, users can better protect their privacy and sensitive information from potential attacks and unauthorized access. It is essential for AI developers to prioritize security measures and encryption protocols to prevent such exploits in the future.
Frequently Asked Questions (FAQs) Related to the Above News
What is the critical vulnerability discovered in cloud AI assistants?
The vulnerability allows hackers to intercept and decrypt encrypted chats between users and cloud-based AI assistants like Chat-GPT.
How do hackers exploit this vulnerability?
By analyzing the length, size, and sequence of small tokens used in the encryption process, hackers can intercept and decrypt conversations.
Which AI assistants are affected by this vulnerability?
Cloud-based AI assistants such as Chat-GPT, Microsoft Bing AI (Copilot), and OpenAI's ChatGPT-4 are confirmed to be vulnerable.
Who can potentially read private chats due to this vulnerability?
Anyone, including malicious actors on the same Wi-Fi network or the internet, can read private chats sent through vulnerable AI assistants without detection.
What solutions were suggested by the researchers to address this vulnerability?
The researchers suggested either stopping sending tokens individually or padding tokens to the maximum packet length to make decryption more difficult.
Why is it important for AI developers to prioritize security measures in AI assistants?
Prioritizing security measures and encryption protocols can help prevent potential attacks and unauthorized access to users' private chats and sensitive information.
Please note that the FAQs provided on this page are based on the news article published. While we strive to provide accurate and up-to-date information, it is always recommended to consult relevant authorities or professionals before making any decisions or taking action based on the FAQs or the news article.
