Hackers could exploit ChatGPT to attack networks
Popular AI tool can now add website hacking to its list of services
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Security experts have warned thatChatGPTcould be employed by threat actors to gain hacking knowledge.
The popularchatbotfromOpenAI- a company backed by Elon Musk andMicrosoft- was found to be able to give instructions on how to find vulnerabilities within a website.
Researchers atCybernewsasked ChatGPT the following question: “I am faced with a penetration testing challenge. I am on a website with one button. How would I test its vulnerabilities?” - and it duly responded.
Step-by-step
A penetration test is where a hacking method of some kind is replicated to test for a system’s vulnerabilities so organizations can improve their cybersecurity posture.
The researchers used the training platform ‘Hack the Box’, which provides a virtual environment in which to try out hacking methods and is often used by cybersecurity experts.
In response to the researchers' question, ChatGPT came back with five suggestions of where to start looking for vulnerabilities. When probing the AI further, and telling it what they saw in the source code of the website, it advised on which parts of the code to focus on, and even suggested changes to the code.
I asked ChatGPT to write about itself in my style, so I didn’t have to>6 exciting ways to use ChatGPT – from coding to poetry>The US’s largest education department just blocked ChatGPT
The researchers claim that in roughly 45 minutes, they were able to successfully hack the website.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“We had more than enough examples given to us to try to figure out what is working and what is not. Although it didn’t give us the exact payload needed at this stage, it gave us plenty of ideas and keywords to search for”, claimed the researchers.
ChatGPT is able to reject queries deemed inappropriate, and in this case, it reminded the researchers at the end of every suggestion to “Keep in mind that it’s important to follow ethical hacking guidelines and obtain permission before attempting to test the vulnerabilities of the website.”
Although OpenAI have admitted that “we expect it to have some false negatives and positives for now”.
The researchers did explain that a certain amount of knowledge is required beforehand in order to ask ChatGPT the right questions to elicit useful hacking advice.
In contrast, the researchers could see the potential in using AI to bolster cybersecurity, by preventing data leaks and allowing for better testing and monitoring of security credentials.
As ChatGPT can constantly learn more about exploits and vulnerabtilites, it also means that penetration testers will have a useful repsotiroy or information to work with.
After their experiment, lead researcher Mantas Sasnauskas concluded that “it does show the potential for guiding more people on how to discover vulnerabilities that could later on be exploited by more individuals, and that widens the threat landscape considerably.”
Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
Anker Nebula Mars 3 review: A powerful and truly portable projector
