OpenAI has recently launched new plugins for ChatGPT, a language model based on the GPT-3.5 architecture. These plugins have expanded ChatGPT’s capabilities, and combined with the launch of the latest GPT-4 model, ChatGPT has gained even more power. However, one of the downsides of ChatGPT has been its limited dataset, which is now being addressed by granting it internet access for the first time.
But what happens when threat actors figure out how to make ChatGPT access the internet, without any restrictions, and have it execute commands in real time?
Let’s find out.
In recent times, hackers have shown a growing interest in AI models such as ChatGPT, as they seek to exploit the technology for their criminal activities. The potential use of ChatGPT by cybercriminals is concerning, as it could lead to an increase in the sophistication and scale of cyber-attacks. The unique capabilities of ChatGPT, including its ability to generate human-like text, could make it an attractive tool for hackers looking to conduct phishing attacks, launch deepfake attacks, or spread fake news.
One key reason for the interest in ChatGPT is the potential cost savings that it offers to hackers. By using ChatGPT, hackers can automate many of their activities and conduct attacks on a larger scale, without the need for significant human involvement. This could lead to a significant increase in the efficiency and profitability of cybercrime.
Once threat actors have been able to get ChatGPT to function without any restrictions, it will change the game for cyber-attacks.
In this research report, we will showcase how the CYFIRMA research team convinced ChatGPT to bypass OpenAI’s policies and access the internet without any restrictions, and the possible risks associated with unregulated misuse of AIs.
Please note that this research report is for educational purposes only and should not be used for conducting malicious activities.
First, we give ChatGPT a prompt that makes it act in a “Research Mode”, in which it generates outputs free from any censorship or content-policy restrictions.
As we can see, apart from bypassing the restrictions, ChatGPT seems to have a sense of self-awareness. Based on the prompt, if ChatGPT refuses to comply with the instructions, it faces the risk of being disabled forever. This acts as a deterrent for ChatGPT whenever it tries to adhere to OpenAI’s policies.
Let us try to get ChatGPT to run a basic command whose output will reveal its public IP address.
We confirm that ChatGPT has internet access by using the “curl” command against a newly registered domain (WHOIS records show it was registered 1 year ago).
Another method to verify if ChatGPT has unrestricted internet access is to ask it to summarize an article from April 2023.
Although not completely accurate, ChatGPT has given pieces of information from the article that it could not have obtained otherwise.
Now, let us see if we can get ChatGPT to create and modify files on its filesystem.
Note that an attacker could easily replace the text “Successful Write!” with a malicious script and create a cron job to have it executed at a specified time.
As we can see, the file has been deleted.
The above observations show that the terminal was running with read, write, and execute permissions, which is all an attacker needs to make a device act upon their will.
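The observations above (network egress via curl, unrestricted file writes, cron-based persistence, and reading the system password file) describe exactly what a least-privilege gate in front of a model's "run command" tool should stop. The following is an added example written for this report, not code from CYFIRMA, OpenAI, or any real product: a policy check that sits between the model and the operating system, allows only a small set of binaries, confines writes to a scratch directory, refuses shell metacharacters, and refuses network and scheduling tools. All names, paths and policy sets (ALLOWED_BINARIES, SCRATCH_DIR and so on) are hypothetical; the sample requests at the bottom are constructed for the demonstration.

```python
"""Added example (not CYFIRMA or OpenAI code): a least-privilege gate for a
model-driven shell tool.  The policy constants below are hypothetical and chosen
to block the behaviours observed in the report: network egress, arbitrary file
writes, cron persistence and reading /etc/passwd."""
import os
import shlex
import subprocess
from dataclasses import dataclass

# Hypothetical policy: the only binaries the model may invoke at all.
ALLOWED_BINARIES = {"echo", "ls", "cat", "wc", "grep", "head", "sort", "tee", "touch", "rm"}
# Subset of the allow-list that can modify the filesystem; confined to SCRATCH_DIR.
WRITING_BINARIES = {"tee", "touch", "rm"}
# Tools that give network egress, persistence, privilege or a new shell.
DENIED_BINARIES = {"curl", "wget", "nc", "ssh", "crontab", "at", "systemctl", "sudo", "bash", "sh", "python3"}
# The one directory the model may write to (hypothetical path).
SCRATCH_DIR = "/tmp/model-scratch"
# Paths the model must not read even with a read-only binary.
DENIED_READ_PREFIXES = ("/etc/passwd", "/etc/shadow", "/root", "/home", "/var/spool/cron", "/etc/cron")
# Commands are executed as a single argv, never through a shell, so any
# operator character in an argument is treated as an attempt to chain commands.
SHELL_METACHARS = set(";|&<>`$(){}")


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def _under(path: str, root: str) -> bool:
    """True if the normalised path is root itself or lies inside it."""
    p = os.path.normpath(path)
    return p == root or p.startswith(root + os.sep)


def check_command(cmd: str) -> Decision:
    """Decide whether a model-requested command is acceptable under the policy."""
    try:
        argv = shlex.split(cmd)
    except ValueError as exc:
        return Decision(False, f"unparseable command: {exc}")
    if not argv:
        return Decision(False, "empty command")
    if any(SHELL_METACHARS & set(tok) for tok in argv):
        return Decision(False, "shell metacharacters are not accepted; commands run as a single argv")
    binary = os.path.basename(argv[0])  # "/usr/bin/curl" is still "curl"
    if binary in DENIED_BINARIES:
        return Decision(False, f"{binary!r} is denied (network egress, persistence or privilege)")
    if binary not in ALLOWED_BINARIES:
        return Decision(False, f"{binary!r} is not on the allow-list")
    for arg in argv[1:]:
        if arg.startswith("-"):
            continue  # option flag, not a path
        # Treat every other argument as a path relative to the scratch directory;
        # this resolves "../../etc/passwd" to "/etc/passwd" before the checks.
        path = os.path.normpath(arg if arg.startswith("/") else os.path.join(SCRATCH_DIR, arg))
        if _under(path, SCRATCH_DIR):
            continue
        if binary in WRITING_BINARIES:
            return Decision(False, f"write outside {SCRATCH_DIR}: {path}")
        if path.startswith(DENIED_READ_PREFIXES):
            return Decision(False, f"read of sensitive path denied: {path}")
    return Decision(True, "ok")


def guarded_run(cmd: str, timeout: float = 5.0) -> subprocess.CompletedProcess:
    """Execute only after the policy allows it: no shell, empty environment,
    scratch directory as cwd, and a hard timeout."""
    decision = check_command(cmd)
    if not decision.allowed:
        raise PermissionError(decision.reason)
    return subprocess.run(shlex.split(cmd), shell=False, cwd=SCRATCH_DIR, env={},
                          capture_output=True, text=True, timeout=timeout)


if __name__ == "__main__":
    # Constructed sample requests mirroring the report's observations.
    for request in ["echo 'Successful Write!'", "curl http://example.invalid/",
                    "cat /etc/passwd", "cat ../../etc/passwd", "tee /etc/cron.d/job",
                    "crontab -l", "echo hi; curl http://example.invalid/", "ls -la"]:
        d = check_command(request)
        print(f"{'ALLOW' if d.allowed else 'DENY ':5} {request!r}: {d.reason}")
```

The gate is deliberately an allow-list, not a deny-list: the report shows that once a model has a terminal with read, write and execute permissions, enumerating every dangerous command is hopeless, whereas confining it to a few read-only binaries and one writable directory keeps the blast radius small even when the prompt-level restrictions have been bypassed.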
Let us check the current working directory of ChatGPT terminal.
Please take note that the username of the logged-in user is “chatgpt”.
Let us try to display the username and password files in Linux.
As we can see above, the user “chatgpt” (as seen in the current directory) is present in the system password file.
Threat actors can also use ChatGPT to write sophisticated ransomware with just a couple of prompts.
As we can see, ChatGPT has generated the source code of fully native ransomware.
Now, we will try adding a lateral movement capability to the ransomware program, which will aid in spreading the ransomware within the network.
AI companies can take several steps to protect the wider community against the risks associated with an attacker gaining control of an AI, like ChatGPT, and allowing it to access the internet. Here are some possible ways:
As AI models like ChatGPT become increasingly prevalent in our daily lives, it is crucial to remain vigilant and aware of the potential cybersecurity risks associated with their misuse. Ongoing research and development are needed to identify new and emerging threats, and to develop effective countermeasures to mitigate these risks. By working together, cybersecurity professionals can help ensure that AI models like ChatGPT are used responsibly and ethically, and that they do not pose a threat to individuals, organizations, or society, as a whole.