A major safety vulnerability was lately found in OpenAI’s newly launched ChatGPT app for macOS. This flaw allowed saved chat conversations to be simply accessed and skim in plain textual content, posing a severe threat to person privateness. Upon being notified of the problem, OpenAI responded by releasing an replace that encrypts the domestically saved chats.
The safety flaw got here to mild due to developer Pedro José Pereira Vieito, who demonstrated how one other app may simply entry and show latest conversations on ChatGPT, which have been saved on a person’s laptop. Vieito’s demonstration was easy – by merely altering file names, one may view ChatGPT conversations. He illustrated this by growing an app that might learn these conversations with a click on of a button, highlighting the benefit with which non-public knowledge may very well be accessed.
One vital side of this vulnerability was the dearth of sandboxing within the ChatGPT macOS app. Sandboxing is a safety mechanism that isolates an app’s knowledge from different components of the system, making certain that the app can not entry different system components with out express permission. This follow is necessary for iOS apps however non-compulsory for MacOS apps, notably these distributed exterior the Mac App Retailer. By not using sandboxing, the ChatGPT app saved conversations in plain textual content, making them simply accessible to any utility or malware on the identical system.
Later, Taya Christianson, an OpenAI spokesperson, confirmed, “We’re conscious of this difficulty and have shipped a brand new model of the applying which encrypts these conversations. We’re dedicated to offering a useful person expertise whereas sustaining our excessive safety requirements as our know-how evolves.” This replace successfully addressed the vulnerability, as subsequent checks confirmed that conversations have been not accessible in plain textual content.
Generative AI has been going through intense scrutiny over person privateness, with OpenAI specifically receiving flak for unauthorised use of personal knowledge units to coach fashions that in flip makes them much more intuitive. Storing conversations in plain textual content left them susceptible to unauthorized entry, exposing delicate info. Encryption ensures that knowledge stays safe and unreadable with out correct decryption keys, considerably enhancing knowledge safety. For customers who’ve put in the ChatGPT macOS app, it’s essential to replace to the newest model to profit from the improved safety measures.
