ChatGPT Plugins Pose Security Risks: Researchers
API security company Salt Security identified three types of flaws within ChatGPT plugins, according to its advisory published on March 13. The flawed plugins help ChatGPT interact with third-party platforms like GitHub, Salesforce, and Google Drive. They also help it access up-to-date information.
The first flaw was found within the plugin installation process, which allows hackers to trick potential victims into installing malicious plugins. Once installed, the hacker can easily exploit the plugin to intercept private chat messages, including credentials and other sensitive data.
The second flaw was found within plugins built with PluginLab, a framework used to develop various ChatGPT plugins. The researchers used “AskTheCode,” which integrates ChatGPT with a user’s GitHub account. The vulnerability allows zero-click attacks, meaning hackers can easily seize accounts without any malicious link or user authentication codes.
The third flaw was related to OAuth redirection manipulation and affected several plugins. Here the researchers used the Charts plugin by Kesem AI. However, to exploit this flaw and successfully seize user accounts, a hacker would need to trick victims into clicking attacker-generated malicious links.
Upon discovery, Salt Security followed procedures and notified OpenAI and third-party vendors to mitigate the potential risks and remediate these flaws.
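The OAuth redirection flaw described above belongs to a class that strict callback validation is meant to close. The following is an added example, not code from Salt Security, OpenAI or any plugin vendor; the article does not say how the redirection was manipulated, so it assumes the general case of a `redirect_uri` parameter that is checked loosely, and the host names and sample URIs are constructed.

```python
from urllib.parse import urlsplit

# Constructed values: a hypothetical plugin's registered OAuth callback.
REGISTERED_CALLBACKS = frozenset({"https://plugin.example.com/oauth/callback"})
TRUSTED_PREFIX = "https://plugin.example.com"


def weak_redirect_check(redirect_uri: str) -> bool:
    """Flawed pattern: prefix match on the trusted origin string."""
    return redirect_uri.startswith(TRUSTED_PREFIX)


def strict_redirect_check(redirect_uri: str) -> bool:
    """Exact string match against pre-registered callbacks (RFC 9700 guidance),
    plus structural checks so a careless registration cannot weaken it."""
    if redirect_uri not in REGISTERED_CALLBACKS:
        return False
    parts = urlsplit(redirect_uri)
    return (parts.scheme == "https" and parts.username is None
            and parts.password is None and not parts.fragment)


# Constructed redirect_uri values of the kind a crafted link could carry.
SAMPLES = [
    "https://plugin.example.com/oauth/callback",                 # legitimate
    "https://plugin.example.com.attacker.test/oauth/callback",   # look-alike host
    "https://plugin.example.com@attacker.test/oauth/callback",   # userinfo trick
    "https://plugin.example.com/oauth/callback/../../open?next=https://attacker.test",
    "http://plugin.example.com/oauth/callback",                  # scheme downgrade
    "https://attacker.test/oauth/callback",                      # foreign host
]


def compare(samples=SAMPLES):
    """Return (uri, weak_result, strict_result) for each sample."""
    return [(u, weak_redirect_check(u), strict_redirect_check(u)) for u in samples]


def weak_only(samples=SAMPLES):
    """URIs the prefix check accepts but exact matching rejects."""
    return [u for u, weak, strict in compare(samples) if weak and not strict]


if __name__ == "__main__":
    for uri, weak, strict in compare():
        print(f"weak={weak!s:5} strict={strict!s:5} {uri}")
```

The authorization code is delivered to whatever callback passes the check, which is why the three URIs that only the prefix check accepts matter.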
On top of this discovery, the research team at Offensive AI Institute at Israel’s Ben Gurion University published an advisory about another generative AI tool vulnerability. The researchers found a side channel in non-Google AI chatbots, including Microsoft Copilot.
When exploited, these side channels allow a malicious threat actor to intercept network traffic in real time and capture private conversations between a user and the AI tool.
Generative AI tools are touted as technologies that significantly improve efficiencies in our daily lives, whether at a personal or enterprise level. Therefore, any vulnerability puts millions of organizations and individuals at risk worldwide.
“As more organizations leverage this type of technology, attackers are too pivoting their efforts, finding ways to exploit these tools and subsequently gain access to sensitive data,” Yaniv Balmas, vice president of research at Salt Security said in a press release.