EmailGPT Vulnerability Exposes Sensitive Data to Attackers

A new prompt injection vulnerability, CVE-2024-5184, has been found in EmailGPT, the service and Chrome plugin that assists Gmail users in composing emails with OpenAI’s GPT model. This vulnerability allows attackers to manipulate the model’s inputs, potentially executing malicious actions with a CVSS base score of 6.5, indicating a medium severity level.

According to Synopsys Cybersecurity Research Center (CyRC) as reported by Cyber Security News, exploiting this vulnerability could result in intellectual property theft, denial-of-service attacks, and direct financial losses. This could occur through attackers making repeated requests to the AI provider’s API, which operates on a pay-per-use model.

EmailGPT Vulnerability

A large language model (LLM) becomes susceptible to prompt injection when an attacker manipulates it with carefully crafted inputs, causing the LLM to unwittingly execute the attacker’s intentions. This manipulation can occur either through direct means, such as “jailbreaking” the system prompt, or indirectly, by manipulating external inputs, potentially leading to social engineering, data exfiltration, and other security concerns.

A prompt injection vulnerability has been uncovered in the EmailGPT service by researchers.

An attacker can inject a direct prompt into the service, potentially gaining control over its logic due to its API usage. This vulnerability allows attackers to manipulate the AI service into executing undesired prompts or leaking standard system prompts.

Submitting a malicious prompt to EmailGPT triggers the system to respond with potentially harmful information.

This vulnerability is exploitable by anyone with access to the service.

The primary EmailGPT software branch is affected. Continuously requesting unauthorized APIs poses significant risks, including intellectual property theft, denial-of-service attacks, and financial harm.

Recommendation

1. Check What Goes In: Make sure the service only accepts safe stuff. If something seems sketchy, block it.
2. Control Who Can Use It: Only let trusted people or programs use the service. Keep out the bad guys.
3. Stick to the Safe List: Have a list of approved things the service can do. If it’s not on the list, don’t do it.
4. Don’t Let Anyone Overdo It: Put limits on how much someone can use the service. This stops bad guys from flooding it and costing money.
5. Keep an Eye Out for Trouble: Regularly check for problems and fix them before someone bad finds them.
6. Teach Users About Safety: Make sure people know how to use the service safely and report anything weird.
7. Keep Things Up to Date: Always install updates to keep the service safe from known problems.

Following these steps will help keep the EmailGPT service safe from hackers and keep everyone’s information secure.