Security experts at Salt Security have identified multiple vulnerabilities within ChatGPT plugins, potentially compromising user data and leading to account takeovers. The vulnerabilities, which span across OAuth authentication flaws and zero-click account takeovers, have prompted immediate responses from the affected developers. The discovery underscores the ongoing challenges in safeguarding interactive AI platforms against exploitation.
Details of the Vulnerabilities
The first vulnerability, rooted in the OAuth authentication process, allows attackers to install malicious plugins on victims’ ChatGPT accounts. By crafting a plugin that directs ChatGPT to forward chat data, attackers could gain access to sensitive information shared during sessions. This flaw highlights the risks associated with granting third-party plugins access to personal and sensitive data.
Another significant vulnerability discovered involves a zero-click account takeover mechanism affecting multiple plugins. Specifically, the AskTheCode plugin developed by PluginLab.AI, which facilitates access to GitHub repositories, was found susceptible. Attackers exploiting this flaw could gain unauthorized access to a user’s GitHub repositories, posing a severe security risk to software development projects.
The third vulnerability pertains to OAuth redirection manipulation, impacting several plugins, including Charts by Kesem AI. This issue could be exploited through a specially crafted link, tricking users into compromising their accounts.
Response and Mitigation
Upon discovery, Salt Labs promptly reported these vulnerabilities to the respective developers, PluginLab.AI and KesemAI, who have since addressed the issues. The incident serves as a critical reminder of the importance of rigorous security protocols in the development and maintenance of plugins and extensions for popular platforms like ChatGPT.
Furthermore, Salt Security has announced the discovery of vulnerabilities within GPTs (Generative Pre-trained Transformers), promising to detail these findings in future reports. This revelation points to a broader issue within the AI and plugin ecosystem, necessitating ongoing vigilance and proactive security measures.
In conclusion, the swift identification and remediation of these vulnerabilities demonstrate the collaborative effort between security researchers and developers to fortify the security of AI platforms and protect users from potential threats. As ChatGPT and similar technologies continue to evolve, so too must the strategies to defend against exploitation and ensure a secure user experience.
