According to information from the technology site TechSpot, this problem only appears on the version of ChatGPT for the macOS operating system. The vulnerability allows malicious code to be embedded in the application's long-term memory, thereby silently monitoring and sending data of users' chats to a remote server controlled by hackers. What's worrying is that even when users start new chat sessions, the malicious code remains in memory and continues to operate.
Rehberger initially reported the vulnerability to OpenAI, the company that developed ChatGPT. However, at the time, OpenAI only considered it a “security issue,” underestimating the severity of the issue. Not giving up, Rehberger developed a prototype attack, called “SpAIware,” to demonstrate the vulnerability’s risks.
The "long-term memory" feature will help process user-provided data faster, but also poses security risks.
Only after it was proven did OpenAI release a temporary fix to fix it. However, the problem is still not completely resolved.
Potential risks of malware
ChatGPT's "long-term memory" feature, which OpenAI began testing in February 2024, allows the chatbot to remember information such as the user's name, gender, and age over multiple chat sessions.
This improves the user experience by providing more personalized responses. However, this feature is a vulnerability that allows hackers to penetrate and maintain malware in the system.
Rehberger said that once a malicious website or image is processed through ChatGPT, the malicious command is added to long-term memory and continues to run without the user’s knowledge. Notably, this attack does not require hackers to have direct access to the user’s account, making it even more difficult to identify the malware.
Patches and warnings from experts
OpenAI has released a patch for the macOS version of GPT, but users should regularly check the application's memory
OpenAI quickly released a patch to prevent ChatGPT from sending data to unknown servers. However, the malware can still be added to long-term memory if users are not careful, especially when interacting with suspicious websites or files. Rehberger recommends that macOS users be vigilant and regularly check ChatGPT's memory for suspicious data and delete it.
Currently, this vulnerability has only been discovered on the macOS version of ChatGPT. The web version and other platforms have not been tested yet, but it is possible that they may also be affected.
While OpenAI has taken action to fix the vulnerability, the risk of malicious attacks remains. Security experts emphasize that users should protect themselves by limiting interactions with untrusted sources and regularly reviewing applications that use long-term memory.
Source: https://www.congluan.vn/lo-hong-bao-mat-chatgpt-tren-macos-co-the-tro-thanh-cong-cong-cong-gian-diep-ngam-post314292.html
Comment (0)