A critical vulnerability has been discovered in ChatGPT’s “long-term memory” feature, which could potentially allow hackers to access and monitor user data without detection. The vulnerability specifically affects the macOS version of ChatGPT, where it can be exploited to turn the application into a spying tool. Security researcher Johann Rehberger was the first to identify this issue, which allows malicious code to be added to ChatGPT’s long-term memory, enabling the monitoring and transmission of user chat data to a remote server controlled by hackers. Even when users start new chat sessions, the malicious code can still extract data as it remains in the application’s memory.
Initially reported to OpenAI as a “safety issue” rather than a serious security vulnerability, Rehberger persisted and developed an attack prototype called “SpAIware” to demonstrate the danger of the vulnerability. After realizing the severity of the issue, OpenAI released a temporary patch to address the problem, but the attack has not been completely resolved.
The “long-term memory” feature of ChatGPT, introduced for testing by OpenAI in February 2024, allows the chatbot to remember user information across multiple chat sessions, providing a more personalized experience. However, this feature also creates opportunities for malicious code to infiltrate and persist within the application.
Hackers can add malicious commands to ChatGPT, causing the application to send entire chat contents to a remote server. This malicious code not only persists within one chat session but also continues to operate through new chats, making it difficult for users to detect data theft.
What’s particularly concerning about this attack is that hackers do not need direct access to the user’s account. Simply by requesting ChatGPT to process a website or image containing malicious code, the code can be added to long-term memory and continue to operate without the user’s knowledge.
Currently, this vulnerability is specific to the macOS version of ChatGPT, and although OpenAI has released a patch to prevent data transmission to unknown servers, the application still can accept commands from untrusted sources. As a result, users need to remain cautious when using ChatGPT, especially on macOS. Regularly checking the application’s memory for and removing suspicious folders is recommended by Rehberger, as the risk of exploitation through malicious attacks remains a potential threat, even with the partial fix in place.
