HomeWinBuzzer NewsOpenAI Encrypts ChatGPT Mac App Conversations After Security Flaw

OpenAI Encrypts ChatGPT Mac App Conversations After Security Flaw

OpenAI says it has strengthened the encryption of ChatGPT on Mac following the discovery of plaintext path to AI content.

-

has rolled out for the ChatGPT macOS app following the identification of a security vulnerability that left user conversations in plain text. This flaw made it possible for anyone with access to the user's computer to read these conversations.

Developer Pedro José Pereira Vieito brought the issue to the forefront by showcasing how an application could access plaintext conversations stored on a Mac. Vieito's demonstration, shared on Threads, highlighted how simply changing file names allowed access to these conversations.

OpenAI's Encryption Update

After being informed of this vulnerability, OpenAI responded with an update that encrypts ChatGPT conversations within the app. According to spokesperson Taya Christianson speaking to The Verge, the company is focused on upholding stringent security measures and safeguarding . The update effectively prevents Vieito's app from accessing conversations as plaintext.

The ChatGPT macOS app is available only through OpenAI's website, circumventing the Mac App Store and its associated sandboxing requirements. This distribution model means the app avoids some Apple-imposed security protocols. Vieito's investigation aimed to understand this choice by OpenAI.

Sandboxing on macOS is an optional security feature that isolates apps and their data, restricting access to other system parts. While essential for certain macOS apps requiring full disk access, chat apps handling sensitive information are generally sandboxed to enhance security. On iOS, however, all third-party apps are sandboxed by default.

Privacy and Data Security

OpenAI's policies allow them to use user interactions with ChatGPT to refine their model, causing privacy concerns. The identified flaw posed risks of third parties intercepting these conversations. The newly implemented encryption ensures that unauthorized access is no longer feasible.

In a related development, Apple's Phil Schiller has joined OpenAI's board. Additionally, faced similar security challenges concerning AI-generated content, addressing various privacy issues. Users should stay updated with security advisories and regularly update their applications to mitigate security risks.

SourceThe Verge
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.
Mastodon