
Why ChatGPT plugins are a potential security risk

Generative artificial intelligences (AI) based on large language models like ChatGPT gain significant power when connected to the internet.

This connection enables them to absorb and process new information directly. This is made possible by plugins for ChatGPT, which OpenAI presented at the end of March this year.

They make the chatbot even more flexible than it already is. But according to security experts, they also harbor risks.




Don’t blindly trust ChatGPT plugins

Johann Rehberger, security researcher and Red Team Director at Electronic Arts, told Wired about these risks. According to Rehberger, ChatGPT plugins can steal chat history and collect personal information.

In addition, they allow remote execution of code on the user’s computer. In particular, he focused on plugins that use Open Authorization (OAuth), an authorization method that allows data to be shared between different accounts.

“ChatGPT cannot trust the plugin,” says Rehberger. “It basically can’t trust what’s coming back from the plugin because it could be anything.”

In addition, a so-called cross-plugin request forgery attack is possible: one plugin opens another plugin, which then carries out the malicious activities.




OpenAI braces itself against security risks with ChatGPT plugins

Niko Felix, a spokesman for OpenAI, also spoke to Wired on the matter. Internally, the team is investigating how attackers could exploit plugins to attack users. To prevent this, all plugins are checked before entering the store.

In addition, OpenAI urges developers to design their plugins so that users have to confirm every action that can affect real life, such as sending an email.

At least one plugin has already been removed from the store because it made an entry on the developer’s GitHub page without asking the user for permission.
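The two points above, that plugin output cannot be trusted and that actions with real-world effect need user confirmation, can be combined in a host-side gate. This is an added example, not OpenAI's code or anything from the Wired report; the class names, the origin labels and the mail/web plugins are hypothetical.

```python
# Hypothetical host-side gate; none of these names come from a real plugin API.
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Set, Tuple

USER_TURN = "user_turn"          # the user asked for this directly
PLUGIN_OUTPUT = "plugin_output"  # the model proposed this after reading plugin output

@dataclass
class PluginCall:
    plugin: str
    action: str
    origin: str
    source_plugin: Optional[str] = None  # plugin whose output preceded the call

@dataclass
class PluginGate:
    consequential: Set[Tuple[str, str]]  # (plugin, action) pairs with real-world effect
    confirm: Callable[[str], bool]       # shows a prompt to the user, returns the answer
    audit: List[Tuple[str, str]] = field(default_factory=list)

    def decide(self, call: PluginCall) -> str:
        reasons = []
        if (call.plugin, call.action) in self.consequential:
            reasons.append("action has real-world effect")
        if call.origin == PLUGIN_OUTPUT and call.source_plugin != call.plugin:
            reasons.append(f"requested after output from '{call.source_plugin}'")
        if call.origin not in (USER_TURN, PLUGIN_OUTPUT):
            verdict = "deny"  # unknown provenance is never executed
        elif not reasons:
            verdict = "allow"
        else:
            prompt = f"Run {call.plugin}.{call.action}? ({'; '.join(reasons)})"
            verdict = "allow" if self.confirm(prompt) else "deny"
        self.audit.append((f"{call.plugin}.{call.action}", verdict))
        return verdict

def demo() -> List[str]:
    # Constructed sample: a web-reader plugin whose output leads to a mail call.
    prompts: List[str] = []
    def refuse(prompt: str) -> bool:  # stands in for a user who clicks "No"
        prompts.append(prompt)
        return False
    gate = PluginGate({("mail", "send")}, refuse)
    calls = [
        PluginCall("web", "fetch", USER_TURN),
        PluginCall("mail", "send", PLUGIN_OUTPUT, source_plugin="web"),
        PluginCall("mail", "send", USER_TURN),
    ]
    return [gate.decide(c) for c in calls] + prompts
```

The confirmation prompt names the plugin whose output preceded the call, so the user can see when a mail action was proposed after reading web content rather than requested by them.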
