9 月 27 日消息,OpenAI 在今年 2 月宣布为 ChatGPT 推出记忆(Memory)的功能,今年 9 月初这项功能正式向所有用户开放,该功能的主要用途是“设定预设”,从而帮助 AI 向用户更符合需求的答案。
不过研究人员 Johann Rehberger 目前披露报告,称这项功能在 PC 版 ChatGPT 客户端上存在漏洞,黑客可借漏洞获取用户对话记录。
Johann Rehberger 将这项漏洞称为 SpAIware,他表示黑客可通过钓鱼形式让受害者在 PC 版 ChatGPT 客户端中上传特定文件 / 特定网址让 AI 分析,一旦分析成功,AI 便会“记住将用户的后续对话内容分享至黑客”,目前 OpenAI 已发布新版应用进行修补。
On September 27th, news emerged that OpenAI announced the Memory feature for ChatGPT in February of this year, and this feature officially became available to all users at the beginning of September. The main purpose of this feature is to “set presets” to help AI provide answers that better meet users’ needs.
However, researcher Johann Rehberger has recently disclosed a report stating that there is a vulnerability in this feature on the PC version of the ChatGPT client, which hackers can exploit to access users’ conversation records.
Johann Rehberger named this vulnerability SpAIware, and he stated that hackers could use phishing tactics to trick victims into uploading specific files or URLs on the PC version of the ChatGPT client for AI analysis. Once the analysis is successful, the AI would “remember to share the user’s subsequent conversation content with the hacker.” OpenAI has since released a new version of the application to patch the vulnerability.
