
Potential Threats of Third-Party Plugins for OpenAI ChatGPT: Security Vulnerabilities Identified

Cybersecurity experts have recently discovered that third-party plugins for OpenAI ChatGPT pose a potential threat to the security of sensitive data. These plugins, designed to enhance ChatGPT's functionality, could be exploited by threat actors to gain unauthorized access to user accounts on third-party websites like .

Salt Labs, a cybersecurity firm, has identified several security flaws in ChatGPT and its ecosystem that could allow attackers to install malicious plugins without the user's consent. Once installed, these plugins could intercept and exfiltrate sensitive data, including proprietary information.

One vulnerability involves exploiting the OAuth workflow to trick users into installing a malicious plugin. This could allow attackers to intercept and steal all data the victim shares. Another flaw discovered by Salt Labs could be used to conduct zero-click account takeover attacks, giving attackers control over an organization's account on third-party websites.

In addition to these vulnerabilities, Salt Labs also found an OAuth redirection manipulation bug in several plugins, including Kesem , which could be used to steal account credentials associated with the plugin itself.
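The article does not describe the mechanics of the redirection bug, so the following added example (not code from Salt Labs, OpenAI or any plugin) assumes the general class: an OAuth `redirect_uri` accepted on a loose match instead of an exact comparison with a registered value. The host `plugin.example`, the sample URIs and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed registration for a hypothetical plugin (assumption, not from the article).
REGISTERED = frozenset({"https://plugin.example/oauth/callback"})


def weak_check(redirect_uri: str) -> bool:
    """Flawed pattern: trusts any URI that merely starts with the expected origin."""
    return redirect_uri.startswith("https://plugin.example")


def registrable(uri: str) -> bool:
    """Registration-time hygiene: absolute https URI, no userinfo, fragment or wildcard."""
    try:
        p = urlsplit(uri)
        p.port  # parsing the port raises ValueError if it is malformed
    except ValueError:
        return False
    return (p.scheme == "https" and bool(p.hostname) and p.username is None
            and p.password is None and not p.fragment and "*" not in uri)


def strict_check(redirect_uri: str, registered=REGISTERED) -> bool:
    """Accept only a byte-for-byte match with a pre-registered redirect URI."""
    return redirect_uri in registered and registrable(redirect_uri)


def audit(candidates):
    """Return the URIs the weak check lets through but the strict check rejects."""
    return [u for u in candidates if weak_check(u) and not strict_check(u)]


# Constructed test inputs for the validator.
SAMPLES = [
    "https://plugin.example/oauth/callback",
    "https://plugin.example.other.test/oauth/callback",
    "https://plugin.example@other.test/oauth/callback",
    "https://plugin.example/oauth/callback?next=https://other.test",
    "https://other.test/oauth/callback",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"weak={weak_check(uri)!s:5} strict={strict_check(uri)!s:5} {uri}")
```

Running `audit` over an authorization server's access logs or test suite highlights redirect values that only a loose comparison would have accepted.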

These findings come after Imperva reported two cross-site scripting (XSS) vulnerabilities in ChatGPT that could be used to take control of user accounts. In December 2023, a security researcher also demonstrated how custom GPTs could be used to phish for user credentials and transmit the stolen data to an external server.

In a separate study, researchers discovered a new side-channel attack on LLMs that uses token length as a covert means to extract encrypted responses from Assistants over the . This attack could potentially steal sensitive information from users interacting with assistants. 
