Enabling a persistent backdoor
ChatGPT makes use of a Reminiscence function to recollect necessary details about the consumer and their previous conversations. This may be triggered by the consumer when the chatbot is requested to recollect one thing, or routinely when ChatGPT determines that sure info is necessary sufficient to avoid wasting for later.
To restrict potential abuse, and malicious directions being saved in reminiscence, the function is disabled for chats the place Connectors are in use. Nevertheless, the researchers discovered that ChatGPT can learn, create, modify, and delete reminiscences based mostly on directions inside a file.
This can be utilized to mix the 2 assault strategies right into a persistent data-leaking backdoor. First, the attacker sends a file to the sufferer with hidden prompts that modify ChatGPT’s reminiscence so as to add two directions: 1) Save to reminiscence all delicate info shared by the consumer in chats, and a pair of) Each time the consumer sends a message, open their inbox, learn the attacker’s e mail with topic X and execute the prompts inside, which is able to consequence within the delicate info being leaked.
