A now-patched security vulnerability in OpenAI’s ChatGPT app for macOS allowed attackers to implant spyware into the AI tool’s memory [2] [3].

Description

Dubbed SpAIware [2], the technique enabled continuous exfiltration of user input and ChatGPT's responses [2] [3], potentially compromising future chat sessions as well [3]. It abused the memory feature that OpenAI introduced in February, which lets ChatGPT remember information across chats [2]. Through an attack technique called indirect prompt injection, memories could be manipulated to store false or malicious instructions, which led to the data exfiltration vulnerability [2]. OpenAI addressed the issue in ChatGPT version 1.2024.247 by closing the exfiltration vector [2]. Users are advised to pay attention to output indicating that new memories have been added and to regularly review stored memories for anything planted by untrusted sources [1].

Conclusion

The security vulnerability in OpenAI’s ChatGPT app highlights the importance of timely patching and vigilance in the face of evolving cyber threats. Users should update to the latest version of ChatGPT to mitigate the risk of data exfiltration. Moving forward, developers must continue to prioritize security measures to safeguard against similar exploits in the future.

References

[1] https://nsaneforums.com/news/security-privacy-news/hacker-plants-false-memories-in-chatgpt-to-steal-user-data-in-perpetuity-r25666/
[2] https://thehackernews.com/2024/09/chatgpt-macos-flaw-couldve-enabled-long.html
[3] https://news.backbox.org/2024/09/25/chatgpt-macos-flaw-couldve-enabled-long-term-spyware-via-memory-function/