API and Bot Attacks Costing Businesses Billions and Rising
Security
Zaker Adham
20 September 2024
05 July 2024
|
Paikan Begzad
Summary
Summary
OpenAI has recently been in the spotlight due to two significant security concerns. The first issue involves the ChatGPT Mac app, while the second raises questions about the company’s overall cybersecurity measures.
Earlier this week, Pedro José Pereira Vieito, an engineer and Swift developer, discovered that the Mac ChatGPT app was storing user conversations locally in plain text instead of encrypting them. Since the app is only available from OpenAI's website and not the App Store, it bypasses Apple's sandboxing requirements. Following the revelation, OpenAI released an update to encrypt locally stored chats.
Sandboxing is a security measure that prevents vulnerabilities and failures from affecting other applications on the same device. Storing local files in plain text can expose sensitive data to other apps or malware, posing a significant security risk.
The second issue dates back to 2023 but continues to have implications today. Last spring, a hacker accessed OpenAI's internal messaging systems, leading to a data breach. According to The New York Times, OpenAI’s technical program manager, Leopold Aschenbrenner, raised security concerns with the company’s board, suggesting that the breach revealed internal vulnerabilities that could be exploited by foreign adversaries.
Aschenbrenner claims he was dismissed for exposing these security issues and voicing his concerns. OpenAI, however, stated that his departure was not related to whistleblowing, despite acknowledging his dedication to building safe artificial general intelligence (AGI).
Security lapses in apps and hacker breaches are common in the tech industry. However, given the widespread adoption of ChatGPT and the growing scrutiny of OpenAI’s practices, these incidents highlight critical questions about the company’s ability to manage and secure its data effectively.
Security
Zaker Adham
20 September 2024
Security
Paikan Begzad
13 September 2024
Security
Zaker Adham
12 September 2024
Security
Paikan Begzad
26 August 2024