ChatGPT plugins were exposed to critical vulnerabilities and risked user data

Updated July 19, 2024

Critical security flaws discovered in ChatGPT plugins put users at risk of data breaches. Attackers can steal login credentials and access sensitive data on third-party sites. Update your plugins now and only use extensions from trusted sources to stay safe from artificial intelligence-driven cyber threats.

Salt Security, a leader in application programming interface (API) security, has discovered critical vulnerabilities in plugins for OpenAI's popular ChatGPT AI chatbot. These vulnerabilities could allow attackers to steal sensitive user data, gain unauthorized access to accounts on third-party sites, or extract data from Google Drive.

This means that the functionality of ChatGPT plugins (now known as GPTs) could become an attack vector: the vulnerabilities give access to users' third-party accounts, including GitHub repositories, and let attackers take control of an organization's accounts on third-party sites and read sensitive data.

For your information, ChatGPT plug-ins (available exclusively to GPT-4 model users and requiring a ChatGPT Plus subscription to use) are designed to extend the capabilities of the chatbot by allowing it to interact with external services and be applicable across multiple domains. However, when using ChatGPT plug-ins, organizations may inadvertently allow them to send sensitive data to third-party websites and access private external accounts.

Three vulnerabilities

According to Salt Labs research, the company has discovered three vulnerabilities in ChatGPT plugins.

The first vulnerability

The first is in ChatGPT itself: when a plugin is installed, users are sent to the plugin's website to obtain an approval code. An attacker can abuse this flow to deliver a victim an approval code for a malicious plugin, which installs the attacker's credentials on the victim's account. Any message the victim writes in ChatGPT can then be passed to that plugin, giving the attacker access to proprietary information.

The second vulnerability

The second vulnerability was discovered in PluginLab, the framework used to develop ChatGPT plugins. Salt Labs discovered that PluginLab does not apply proper security measures during the installation process, allowing attackers to install malicious plugins without users' knowledge.

Since PluginLab does not authenticate user accounts, attackers can insert a different user ID and obtain the victim's code, leading to account takeover. One of the affected plugins, "AskTheCode," integrates between ChatGPT and GitHub, allowing attackers to gain access to the victim's account.

The third vulnerability

The third is OAuth redirect manipulation, in which an attacker sends a victim a malicious URL and steals the victim's credentials. Many ChatGPT plugins request broad permissions to access various websites, so a compromised plugin can steal credentials or other sensitive data from those third-party sites.
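All three findings come down to missing checks in an OAuth-style login flow: the client (plugin) side must tie a callback to the browser session that started it (first finding), the authorization server must issue codes only for the user proven by its own session rather than a user ID the request names (second finding), and the redirect target must be matched exactly against a registered allowlist rather than by prefix (third finding). The following is an added example, not code from Salt Labs, OpenAI or PluginLab, that models those checks with constructed names; `auth.example`, `plugin.example`, the class names and the sample user IDs are placeholders.

```python
"""Added example (not Salt Labs', OpenAI's or PluginLab's code): the client-side,
server-side and redirect checks whose absence the three findings describe.
All hosts, user ids and class names are constructed placeholders."""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: the plugin registers its exact callback URL with the authorization server.
PLUGIN_REDIRECT = "https://plugin.example/oauth/callback"
REGISTERED_REDIRECTS = {PLUGIN_REDIRECT}


class OAuthError(Exception):
    """Any failed check voids the login attempt; nothing is linked to the session."""


def weak_redirect_check(candidate: str) -> bool:
    """Prefix matching, shown only for contrast: a lookalike host passes it."""
    return candidate.startswith("https://plugin.example")


def strict_redirect_check(candidate: str) -> bool:
    """Exact match against the registered callbacks; any variation fails."""
    return candidate in REGISTERED_REDIRECTS


class AuthorizationServer:
    """Issues codes for the user proven by the server's own session, never for a user id
    the client supplies in a parameter (the gap described for PluginLab)."""

    def __init__(self) -> None:
        self._codes: dict[str, tuple[str, str]] = {}

    def issue_code(self, session_user_id: str, redirect_uri: str) -> str:
        if not strict_redirect_check(redirect_uri):
            raise OAuthError("redirect_uri is not registered")
        code = secrets.token_urlsafe(32)
        self._codes[code] = (session_user_id, redirect_uri)  # bound to user AND redirect
        return code

    def redeem_code(self, code: str, redirect_uri: str) -> str:
        entry = self._codes.pop(code, None)  # single use: a replayed code finds nothing
        if entry is None or not hmac.compare_digest(entry[1].encode(), redirect_uri.encode()):
            raise OAuthError("unknown, reused or mismatched code")
        return entry[0]


class PluginClient:
    """The plugin's side: the state value ties a callback to the session that began it,
    so an approval code handed to the user by someone else is not accepted."""

    def __init__(self, server: AuthorizationServer) -> None:
        self.server = server

    def start_login(self, session: dict) -> str:
        session["oauth_state"] = secrets.token_urlsafe(32)
        query = urlencode({"redirect_uri": PLUGIN_REDIRECT, "state": session["oauth_state"]})
        return f"https://auth.example/authorize?{query}"

    def handle_callback(self, session: dict, callback_url: str) -> str:
        params = parse_qs(urlsplit(callback_url).query)
        state = params.get("state", [""])[0]
        code = params.get("code", [""])[0]
        expected = session.pop("oauth_state", None)  # one callback per started login
        if not expected or not hmac.compare_digest(expected.encode(), state.encode()):
            raise OAuthError("state does not match this session")
        user_id = self.server.redeem_code(code, PLUGIN_REDIRECT)
        session["linked_user"] = user_id
        return user_id


def demo() -> dict:
    """Runs a legitimate login, then a callback carrying a code and state that another
    session obtained, and compares the two redirect checks on a lookalike host."""
    server = AuthorizationServer()
    client = PluginClient(server)

    victim: dict = {}
    own_state = parse_qs(urlsplit(client.start_login(victim)).query)["state"][0]
    own_code = server.issue_code("victim-user", PLUGIN_REDIRECT)
    linked = client.handle_callback(
        victim, f"{PLUGIN_REDIRECT}?{urlencode({'code': own_code, 'state': own_state})}")

    other: dict = {}
    foreign_state = parse_qs(urlsplit(client.start_login(other)).query)["state"][0]
    foreign_code = server.issue_code("other-user", PLUGIN_REDIRECT)
    fresh_victim: dict = {}
    client.start_login(fresh_victim)
    try:
        client.handle_callback(
            fresh_victim, f"{PLUGIN_REDIRECT}?{urlencode({'code': foreign_code, 'state': foreign_state})}")
        foreign_accepted = True
    except OAuthError:
        foreign_accepted = False

    lookalike = "https://plugin.example.lookalike.test/oauth/callback"  # constructed
    return {
        "linked_user": linked,
        "foreign_callback_accepted": foreign_accepted,
        "weak_accepts_lookalike": weak_redirect_check(lookalike),
        "strict_accepts_lookalike": strict_redirect_check(lookalike),
    }


if __name__ == "__main__":
    print(demo())
```

The two decisions that matter are where the identity comes from and how the redirect is compared: `issue_code` takes the user ID from the server's session argument and never from the request, and `strict_redirect_check` uses set membership rather than `startswith`, so the lookalike host that the prefix check accepts is rejected. Codes are single use and bound to the redirect they were issued for, so a leaked or replayed code cannot be redeemed elsewhere.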

Following the practice of responsible disclosure, Salt Labs researchers worked with OpenAI and the third-party vendors to correct the problems promptly, before they could be exploited in the wild.

This research highlights the growing prevalence of AI and its potential security risks. In January 2024, Kaspersky discovered more than 3,000 posts on the dark web in which threat actors discussed using AI-based chatbots, such as ChatGPT, to develop similar tools to commit cybercrime.

Group-IB's recently published Hi-Tech Crime Trends 23/24 report shows an increase in the use of artificial intelligence by cybercriminals, especially in the search for stolen ChatGPT credentials that can be used to access sensitive corporate data. Between January and October 2023, more than 225,000 infostealer logs containing compromised ChatGPT credentials were discovered.

Therefore, users are advised to carefully check permissions, install plugins only from trusted sources, and regularly update ChatGPT and plugins. Developers should address code execution vulnerabilities to protect user data. PluginLab developers should apply robust security measures throughout the plugin development lifecycle.
