New research has found security flaws in the ChatGPT which could have allowed hackers to take over users' other accounts, such as GitHub.
Salt Security discovered various ChatGPT plugins had critical security flaws. These plugins allow the AI tool to access other websites and perform certain tasks, such as committing code in GitHub and retrieving data from Google Drive.
With these flaws, threat actors could have taken over third-party accounts, and accessed the sensitive data therein. The flaws have since been remediated.
Plugin concerns
Salt Security also notes that GPTs, which are similar to plugins, also pose a similar risk. These are custom versions of ChatGPT that any developer can publish.
Three separate flaws were found in ChatGPT plugins. The first was found when users install new plugins. ChatGPT sends the user a code which approves the installation. However, bad actors could have sent users a code that approves a malicious plugin instead.
The second was found in PluginLab, a site used to develop ChatGPT plugins. The site failed to properly authenticate user accounts, which again could have let hackers take them over. One of the plugins affected by this was "AskTheCode," which integrates between ChatGPT and GitHub.
The third was found within several plugins, and involved OAuth redirection manipulation. This could have allowed for account takeover as well. Since URLs were not validated by the plugins, attackers could have sent malicious links to users, used to steal their credentials.
Salt Security says it followed procedure once it discovered the flaws and notified OpenAI and the other affected parties. It claims that the issues were fixed quickly, and that is was no evidence of exploit in the wild.
