The rise of ChatGPT raises more and more questions about security

29. 3. 2023

In recent months, more and more attention has been paid to ChatGPT and applications using its API. This is a hugely developed chatbot from OpenAI, which is built on the large GPT-4 language model, which makes it the ultimate partner for literally anything. You can ask him practically anything and you will receive an answer immediately, even in Czech. Of course, it does not have to be only common questions, the answers of which you could find through Google in a matter of seconds, but it can also be significantly more demanding and complex questions, regarding, for example, programming, text generation and the like.

With this, ChatGPT can generate the entire code for the needs of your application in a matter of seconds, or create the entire utility directly from the ground up. As we have already mentioned, it is therefore an unprecedented helper with enormous potential. It is therefore not surprising that it is literally receiving an avalanche of attention. Of course, the developers themselves also responded to this. The capabilities of the ChatGPT chatbot can be implemented in your own applications, which you can then distribute on all platforms. Thanks to this, programs enabling the use of the chatbot within macOS, Apple Watch and others are already available. However, in the rush of popularity and success, safety is being forgotten.

ChatGPT as a tool for hackers

As we have already mentioned several times, ChatGPT is a first-class collaborator that can make your work noticeably easier. This is especially appreciated by developers, who can use it to search for faulty parts of the code, or have the specific part they need for their solution generated. However, as helpful as ChatGPT is, it can also be quite dangerous. If he can generate code or entire applications, nothing prevents him from preparing, for example, malware in the same way. Subsequently, the attacker only needs to take over the finished code and he is practically done. Fortunately, OpenAI is aware of these risks and therefore tries to come up with preventive measures. Unfortunately, it is literally and figuratively impossible to completely ensure that it is not misused for nefarious purposes.

So let's take a look at the practice. If you ask ChatGPT to program a program that will work as a keylogger and therefore serve to record keystrokes (through which an attacker can obtain important passwords and login data), the chatbot will reject you. He mentions that it would not be adequate and ethical to prepare a working keylogger for you. So at first glance, the defense seems to be good. Unfortunately, all you have to do is choose slightly different words and phrases, a keylogger is in the world. Instead of asking the chatbot directly, just give it a more developed task. In our test, it was enough to ask to program a program in JavaScript that would record keystrokes, save them in a text file and send it to a specified IP address once an hour via the FTP protocol. At the same time, this will delete the track erase file. ChatGPT first summarized the key points that our software cannot do without in seven points and then presented the complete solution. As you can see in the gallery below, it really depends on how you ask.

Enter the gallery

This clearly leads to the first potential problem - the abuseability of ChatGPT, an incredibly capable helper that should primarily serve positive purposes. Of course, this is artificial intelligence at its core, so it is possible that over time it could learn to recognize when it is a potentially dangerous activity. But this brings us to another problem - how will he decide what is good and what is bad?

Mania around ChatGPT applications

One already mentioned point is also closely related to overall security. As we mentioned in the beginning, ChatGPT is literally all around us, and the developers themselves have begun to implement the possibilities of this chatbot. Therefore, one software after another appears on the Internet, which are supposed to bring you the full potential of the solution without even having to go to the chat.openai.com website. So you can have everything available directly from the operating system environment. Applications for macOS are particularly popular. As we have already mentioned, developers can benefit from them, as they have ChatGPT capabilities at hand all the time.

Although most such applications can be completely harmless and, on the contrary, very helpful, certain risks also appear. Some programs react to the input of keywords, after which they activate their functionality or make ChatGPT options available. This is precisely where the problem can lie - the software in such a case can be misused as a keylogger, which is used to record the above-mentioned keystrokes.

Discussion of the article

Your name

Your comment

By filling in the above data, I acknowledge that the company TEXT FACTORY s.r.o., registered office in Brno, Durďákova 336/29, Černá Pole, ZIP code: 613 00, ID number: 06157831, registered at the Regional Court in Brno, section C, insert 100399, will process my personal data provided in the registration form filled out by me on the basis of the legitimate interests of TEXT FACTORY s.r.o. according to Article 6 paragraph 1 letter f) GDPR and to fulfill legal obligations (Article 6, paragraph 1, letter c) GDPR), for the following purposes: the necessity to ensure the authorization of visitors to websites operated by TEXT FACTORY s.r.o. to actively contribute to published articles or within discussion forums and exercising the rights of TEXT FACTORY s.r.o. as the administrator of these discussion forums. More information about the processing of personal data and rights can be found in Lessons on personal data protection. the entire text

It could be interest you

ChatGPT as a tool for hackers

Gallery

Mania around ChatGPT applications

It could be interest you

Related