A significant security vulnerability was recently discovered in OpenAI’s newly launched ChatGPT app for macOS. This flaw allowed stored chat conversations to be easily accessed and read in plain text, posing a serious risk to user privacy. Upon being notified of the issue, OpenAI responded by releasing an update that encrypts the locally stored chats.
The security flaw came to light thanks to developer Pedro José Pereira Vieito, who demonstrated how another app could easily access and display recent conversations on ChatGPT, which were stored on a user’s computer. Vieito’s demonstration was simple – by simply changing file names, one could view ChatGPT conversations. He illustrated this by developing an app that could read these conversations with a click of a button, highlighting the ease with which private data could be accessed.
One critical aspect of this vulnerability was the lack of sandboxing in the ChatGPT macOS app. Sandboxing is a security mechanism that isolates an app’s data from other parts of the system, ensuring that the app cannot access other system parts without explicit permission. This practice is mandatory for iOS apps but optional for MacOS apps, particularly those distributed outside the Mac App Store. By not utilizing sandboxing, the ChatGPT app stored conversations in plain text, making them easily accessible to any application or malware on the same device.
Later, Taya Christianson, an OpenAI spokesperson, confirmed, “We are aware of this issue and have shipped a new version of the application which encrypts these conversations. We’re committed to providing a helpful user experience while maintaining our high security standards as our technology evolves.” This update effectively addressed the vulnerability, as subsequent tests confirmed that conversations were no longer accessible in plain text.
Generative AI has been facing intense scrutiny over user privacy, with OpenAI specially receiving flak for unauthorised use of private data sets to train models that in turn makes them even more intuitive. Storing conversations in plain text left them vulnerable to unauthorized access, exposing sensitive information. Encryption ensures that data remains secure and unreadable without proper decryption keys, significantly enhancing data security. For users who have installed the ChatGPT macOS app, it is crucial to update to the latest version to benefit from the enhanced security measures.