Highlights:
OpenAI’s ChatGPT Mac App was Storing Conversations in Plain Text
4/7/24
By:
Bharti B. Hariyani
After the security flaw was spotted, OpenAI updated its desktop ChatGPT app to encrypt the locally stored records.
Until recently, OpenAI’s ChatGPT macOS app had a critical security flaw: conversations were stored on users' computers in plain text. This vulnerability meant that if a malicious actor or app had access to your machine, they could easily read your conversations with ChatGPT and any sensitive data within them.
The Discovery of the Flaw
The issue was brought to light by Pedro José Pereira Vieito on Threads. Vieito demonstrated that it was possible to access and read ChatGPT conversations stored in plain text on the computer. He even created an app that could show these conversations immediately after they occurred. Vieito shared this app, and a video was made showing how it could read ChatGPT conversations with just a click. Simply changing the file name allowed access to the text of these conversations.
OpenAI’s Response
Upon being informed about the flaw by The Verge, OpenAI promptly released an update to address the issue. An OpenAI spokesperson, Taya Christianson, stated, “We are aware of this issue and have shipped a new version of the application which encrypts these conversations. We’re committed to providing a helpful user experience while maintaining our high security standards as our technology evolves.”
The Update and Its Impact
The update effectively resolved the security flaw. After installing the update, Vieito’s app could no longer read conversations in plain text, ensuring that stored conversations were now encrypted and secure.
How the Flaw Was Found
Vieito explained his discovery process: “I was curious about why [OpenAI] opted out of using the app sandbox protections and ended up checking where they stored the app data.” Unlike apps distributed through the Mac App Store, OpenAI's ChatGPT macOS app, available only through OpenAI’s website, doesn’t have to comply with Apple's sandboxing requirements, which would have added an extra layer of security.
Privacy Concerns
This incident raises significant privacy concerns. While OpenAI may review ChatGPT conversations for safety and model training unless users opt out, such access should not be available to unknown third parties. Ensuring that sensitive data is not exposed to potential threats is crucial for maintaining user trust and security.
Conclusion
OpenAI’s swift response to the security flaw in its ChatGPT macOS app highlights the importance of robust data protection measures. The encryption update now secures user conversations, protecting them from unauthorized access. As technology continues to evolve, maintaining high security standards remains essential to safeguard user data.
Stay informed with Kushal Bharat Tech News for the latest updates on tech innovations and security developments.
All images used in the articles published by Kushal Bharat Tech News are the property of Verge. We use these images under proper authorization and with full respect to the original copyright holders. Unauthorized use or reproduction of these images is strictly prohibited. For any inquiries or permissions related to the images, please contact Verge directly.
Latest News