A new report released today by application programming interface security company Salt Security Inc. details several critical security flaws within ChatGPT plugins that could have allowed unauthorized access to third-party accounts and sensitive user data.

ChatGPT plugins are extensions that enhance the capabilities of the ChatGPT artificial intelligence model by enabling it to interact with external services and perform tasks on third-party websites on behalf of users, such as committing code to GitHub or accessing data on Google Drive. These plugins extend the applicability of ChatGPT across various domains, including software development, data management, education and business environments.

But as the report details, they have also introduced new risks. When organizations leverage such plugins, it gives ChatGPT permission to send an organization’s sensitive data to a third-party website and allows access to private external accounts. That’s where the problems start.

The Salt Labs team, the research arm of Salt Security, uncovered three different types of vulnerabilities within ChatGPT plugins. The first is found within ChatGPT itself when users install new plugins. During this process, ChatGPT redirects a user to the plugin website to receive a code to be approved by that individual and then automatically installs the plugin and can interact with that plugin on behalf of the user.

The Salt Labs researchers discovered that an attacker could exploit this function to deliver users a code approval with a new malicious plugin, enabling an attacker to automatically install their credentials on a victim’s account. Any message the user writes in ChatGPT could be forwarded to a plugin, meaning an attacker would have access to a host of proprietary information.

The second vulnerability was within PluginLab, a framework developers and companies use to develop plugins for ChatGPT. During installation, Salt Labs researchers found that PluginLab did not properly authenticate user accounts, allowing a prospective attacker to insert another user ID and get a code that represents the victim, which can lead to account takeover via the plugin.

The third vulnerability found within several plugins was OAuth redirection manipulation. Using this vulnerability, an attacker could send a link to the victim that can insert a malicious URL and steal user credentials. Like the case with PluginLab, an attacker would then have the credentials of the victim and can take over their account in the same way.

The Salt Labs researchers disclosed the vulnerabilities to OpenAI and third-party vendors before going public with the details and fortunately, all the issues were remediated quickly. The purpose of the report is to warn that there are emerging vulnerabilities in services such as ChatGPT.

“As more organizations leverage this type of technology, attackers are too pivoting their efforts, finding ways to exploit these tools and subsequently gain access to sensitive data,” Yaniv Balmas, vice president of research at Salt Security, said about the report. “Our recent vulnerability discoveries within ChatGPT illustrate the importance of protecting the plugins within such technology to ensure that attackers cannot access critical business assets and execute account takeovers.”

Darren Guccione, chief executive officer and co-founder at password and secrets management company Keeper Security Inc., told SiliconANGLE that “the vulnerabilities found in these ChatGPT plugins are raising alarms due to the heightened risk of proprietary information being stolen and the threat of account takeover attacks.”

“These vulnerabilities serve as a stark reminder about the inherent security risks involved with third-party applications and should prompt organizations to shore up their defenses,” Guccione added. “As organizations rush to leverage AI to gain a competitive edge and enhance operational efficiency, the pressure to quickly implement these solutions should not take precedence over security evaluations and employee training.”

Image: Pexels