OpenAI ChatGPT fixes DNS data smuggling flaw
Briefly

"We found that a single malicious prompt could activate a hidden exfiltration channel inside a regular ChatGPT conversation, allowing information to be transmitted to an external server through a side channel originating from the container used by ChatGPT for code execution and data analysis."
"The vulnerability we discovered allowed information to be transmitted to an external server through a side channel originating from the container used by ChatGPT for code execution and data analysis."
"While OpenAI prevents ChatGPT from communicating with the internet without authorization, it didn't have any controls on data smuggled via DNS."
Check Point identified a vulnerability in ChatGPT that allowed data to be exfiltrated through a DNS side channel. A single malicious prompt could activate this hidden channel, bypassing OpenAI's safeguards. Although OpenAI claimed that the ChatGPT environment could not send data outward directly, Check Point's research revealed that the model did not recognize the behavior as an external data transfer. The researchers demonstrated three proof-of-concept attacks, including one involving a third-party app that analyzed personal health data uploaded by users.
Read at Theregister