Alert: Risks of Third-Party ChatGPT Plugins for Account Security

Researchers at security firm Salt Security have uncovered multiple vulnerabilities in third-party plug-ins used in ChatGPT, including a zero-click account takeover flaw that was triggered when users attempted to install the plug-in using their ChatGPT accounts.

Salt Security researchers recently discovered three critical flaws in OAuth authentication within GitHub and PluginLab – AI third-party plug-ins commonly integrated with ChatGPT.

These vulnerabilities originated from the methods employed by chatbot users to link their ChatGPT accounts with these services. The flaws exposed potential pathways for attackers to exploit, potentially leading to unauthorized access and account takeovers.

The findings underscore the importance of robust security measures in third-party integrations to safeguard against such risks and ensure the integrity of user data and accounts.

Third-Party ChatGPT Plugins Exposed Users to Account Takeovers

The findings by Salt Security researchers unveiled critical security flaws in ChatGPT plugins that could have granted attackers access to user accounts and sensitive data on third-party websites. These vulnerabilities existed within ChatGPT itself, the plugin development framework (PluginLab), and individual plugins.

Such flaws highlight the pressing need for heightened security protocols and rigorous scrutiny in the development and implementation of third-party plugins to mitigate potential threats and safeguard user information effectively.

Attack Methods

• OAuth Workflow Exploitation: One of the flaws involves exploiting the OAuth workflow to trick users into installing arbitrary plugins. ChatGPT doesn’t validate whether the user initiated the plugin installation, potentially allowing threat actors to intercept and exfiltrate data shared by victims.
• Zero-Click Account Takeover: Issues with Plugin Lab could be weaponized for zero-click account takeover attacks. Attackers could gain control of an organization’s account on platforms like GitHub and access source code repositories.
• OAuth Redirection Manipulation: Several plugins, including Kesem AI, contain an OAuth redirection manipulation bug. This vulnerability could allow attackers to steal account credentials associated with the plugin itself.

Impact and Resolution

These vulnerabilities could have given attackers access to sensitive information like code repositories on GitHub or other platforms. OpenAI has addressed these issues by:

• Discontinuing support for third-party plugins in ChatGPT.
• Introducing GPTs, specialized versions of ChatGPT designed for specific uses with reduced reliance on external services.
• Stopping new plugin installations and conversations with existing plugins as of March 19, 2024.

This incident highlights the importance of security in AI-powered applications and the potential risks associated with third-party plugins. It’s crucial to stay informed about security updates and exercise caution when using plugins or granting access to external services.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.