German security researcher Benjamin Flesch recently disclosed a serious security vulnerability in OpenAI's ChatGPT API that can be exploited to launch distributed denial-of-service (DDoS) attacks. With a simple HTTP request, an attacker can make ChatGPT's crawler send a large number of requests to a target website, paralyzing it. The vulnerability stems from a flaw in how the ChatGPT API processes HTTP POST requests directed to a specific website, which lets an attacker bypass the security mechanism and launch a large-scale attack on the target website.
German security researcher Benjamin Flesch recently published a report on Microsoft's GitHub pointing out that OpenAI's ChatGPT API has a serious security vulnerability that may be exploited to launch distributed denial-of-service (DDoS) attacks. The vulnerability allows an attacker to use ChatGPT's crawler to send large-scale network requests to any website through a simple HTTP request, which may even paralyze the target website.
According to Flesch's report, ChatGPT's API exhibits serious flaws when handling HTTP POST requests to specific websites. When ChatGPT references a website, it calls an API endpoint called "attributions" to request information from the website. If an attacker sends a request to the API that contains a large number of different links, ChatGPT's crawler will access these links simultaneously, flooding the target website with requests.
Flesch noted that the API does not double-check incoming links, nor does it limit the number of links. This means an attacker could submit thousands of links in a single request, all pointing to the same target website. With a simple tool, an attacker can send a request to ChatGPT's endpoint without authentication, and OpenAI's servers will send a request for each link, potentially sending 20 to 5,000 requests per second to the target website.
Since the requests come from different IP addresses, it is difficult for the victim to detect that the attack has occurred. Even if the victim enables a firewall to block ChatGPT's IP address, the crawler will still resend the request in the next millisecond. Flesch said he has reported the problem to OpenAI and Microsoft through multiple channels, but has not received a response so far.
In addition to the DDoS vulnerability, Flesch also mentioned that the API has other security issues, including prompt injection vulnerabilities. This allows the crawler to answer questions through the same API endpoint instead of just getting website information. Flesch questioned why OpenAI didn't implement basic security measures to prevent these abuses, pointing out that this is simple verification logic that software developers have commonly used for many years.
He believes that this vulnerability may indicate that OpenAI failed to fully consider security when developing its "AI agents". For such a long-running web crawler program, the lack of a limit on the number of requests to the same website seems particularly unreasonable.
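The checks the report says are missing (rejecting duplicate links, limiting the number of links, limiting requests to the same website) can be sketched as follows. This is an added example, not OpenAI's code or code from Flesch's report; the function names and the two limits are hypothetical and chosen only for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit, urlunsplit

# Hypothetical limits for illustration; not values from OpenAI or the report.
MAX_LINKS = 10     # links accepted in one API request
MAX_PER_HOST = 2   # fetches allowed to one host per API request


def canonicalize(url):
    """Normalize a URL so different spellings of one resource compare equal.
    Returns None for anything that is not an absolute http(s) URL."""
    try:
        parts = urlsplit(url.strip())
        host, port = parts.hostname or "", parts.port
    except ValueError:  # malformed port or bracketed host
        return None
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https") or not host:
        return None
    host = host.rstrip(".")
    if ":" in host:  # IPv6 literal: restore the brackets urlsplit removed
        host = f"[{host}]"
    default_port = {"http": 80, "https": 443}[scheme]
    netloc = host if port in (None, default_port) else f"{host}:{port}"
    # The fragment is never sent to the server, so it is dropped here.
    return urlunsplit((scheme, netloc, parts.path or "/", parts.query, ""))


def validate_links(urls):
    """Return the URLs the crawler may fetch for one request.
    Raises ValueError when the request carries more than MAX_LINKS links."""
    if len(urls) > MAX_LINKS:
        raise ValueError(f"too many links: {len(urls)} > {MAX_LINKS}")
    accepted, seen, per_host = [], set(), Counter()
    for raw in urls:
        canon = canonicalize(raw)
        if canon is None or canon in seen:
            continue  # not http(s), or a duplicate of an accepted link
        host = urlsplit(canon).hostname
        if per_host[host] >= MAX_PER_HOST:
            continue  # this request already targets the host often enough
        seen.add(canon)
        per_host[host] += 1
        accepted.append(canon)
    return accepted
```

A per-request cap does not bound repeated requests, so a crawler also needs a rate limit per target host that is tracked across requests.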
Highlights:
1. OpenAI’s ChatGPT API was found to have security vulnerabilities and may be used to launch DDoS attacks.
2. An attacker can send thousands of links to the same website with a single request, causing the target website to be flooded.
3. This vulnerability has been reported to OpenAI and Microsoft, but no response has been received, showing negligence in security management.
This incident highlights the importance of API security for large language models and also exposes OpenAI's shortcomings in security management. It is hoped that OpenAI can fix this vulnerability as soon as possible and strengthen the security protection measures of its API to prevent similar incidents from happening again and ensure the security of user data and network.