ChatGPT tricked to swipe sensitive data from Gmail
(www.radware.com)
from Pro@programming.dev to cybersecurity@sh.itjust.works on 19 Sep 15:11
https://programming.dev/post/37713645
cross-posted from: programming.dev/post/37707316
- We found a zero-click flaw in ChatGPT’s Deep Research agent when connected to Gmail and browsing: A single crafted email quietly makes the agent leak sensitive inbox data to an attacker with no user action or visible UI.
- Service-Side Exfiltration: Unlike prior research that relied on client-side image rendering to trigger the leak, this attack leaks data directly from OpenAI’s cloud infrastructure, making it invisible to local or enterprise defenses.
- The attack utilizes an indirect prompt injection that can be hidden in email HTML (tiny fonts, white-on-white text, layout tricks) so the user never notices the commands, but the agent still reads and obeys them.
- Well-crafted social engineering tricks bypassed the agent’s safety-trained restrictions, enabling the attack to succeed with a 100% success rate.
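
On the defensive side, the hidden-text tricks listed above (tiny fonts, white-on-white text) can be flagged in email HTML before an agent reads it. The sketch below is an added example, not code from the post or from the Radware research; it only inspects inline `style` attributes, and the 2px threshold, the assumed white page background and all names in it are assumptions.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "meta", "input", "link", "col", "wbr"}
CANON = {"#fff": "#ffffff", "white": "#ffffff", "rgb(255,255,255)": "#ffffff"}
# Constructed sample email body; HIDDEN-A / HIDDEN-B stand in for concealed text.
SAMPLE = ('<div><p>Hi, agenda attached.<br>Sam</p><span style="font-size:1px">HIDDEN-A</span>'
          '<div style="background-color:#FFF"><b style="color: white">HIDDEN-B</b></div></div>')

def parse_style(style):
    decls = re.sub(r"\s+", "", style.lower()).split(";")
    pairs = (d.split(":", 1) for d in decls if ":" in d)
    return {k: CANON.get(v, v) for k, v in pairs}

def hiding_reason(props, background):  # returns None when the text is visible
    if props.get("display") == "none" or props.get("visibility") == "hidden":
        return "not rendered"
    size = re.fullmatch(r"(\d*\.?\d+)(px|pt)?", props.get("font-size", ""))
    if size and float(size.group(1)) <= 2:  # threshold is an assumption
        return "tiny font"
    if "color" in props and props["color"] == background:
        return "text colour equals background"

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = [(None, "#ffffff")]  # (reason, background); page assumed white
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:  # void elements have no end tag and hold no text
            return
        props = parse_style(dict(attrs).get("style") or "")
        reason, background = self.stack[-1]  # hiding and background are inherited
        background = props.get("background-color", background)
        self.stack.append((reason or hiding_reason(props, background), background))

    def handle_endtag(self, tag):
        if tag not in VOID and len(self.stack) > 1:
            self.stack.pop()

    def handle_data(self, data):
        if (reason := self.stack[-1][0]) and data.strip():
            self.findings.append((reason, data.strip()))

def find_hidden_text(html):
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

Text that `find_hidden_text` returns can be stripped or quarantined before the message reaches an agent; styles set through `<style>` blocks or CSS classes are not covered by this check.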