If you use this ChatGPT plugin to write your emails, you better uninstall it right away

A security flaw called “prompt injection” has been discovered in the Gmail EmailGPT extension, which uses OpenAI AI to help compose emails. Experts recommend uninstalling it immediately to avoid sensitive data leaks.

Bad news for users of the EmailGPT extension: a security flaw has just been revealed by researchers at Synopsys. Called “prompt injection”, it could allow hackers to access confidential information by manipulating the GPT-3 artificial intelligence service.

The Synopsys Cybersecurity Research Center (CyRC) alerted the developers of EmailGPT but they did not respond. As a result, the CyRC now recommends removing this extension altogether, although it is very practical for making it easier to write emails in Gmail using generative AI.

With a CVSS score of 6.5 out of 10, this vulnerability is considered “medium”, but could have serious consequences such as leaks of sensitive data, denial of service or even financial losses for companies. So, should we really be worried? We take stock.

What is EmailGPT, this compromised extension?

EmailGPT is an extension for the Google Chrome browser that integrates with Gmail, Google’s email service. Its goal is to help you write emails more quickly and efficiently using artificial intelligence.

Concretely, when you start typing an email, EmailGPT gives you text suggestions generated by a language model, in this case GPT-3 from OpenAI (the creator of ChatGPT). All you have to do is describe in a few words what you want to write, and the AI ​​then offers you a draft that you can edit.

This extension has quickly gained popularity since its launch, as it helps speed up the writing process significantly, with relevant and well-written suggestions. EmailGPT is particularly appreciated by professionals who have to manage a large number of emails on a daily basis.

But that was without counting on this security flaw discovered by Synopsys researchers. Called “prompt injection”, it could compromise the confidentiality of your emails and personal data. Indeed, hackers could exploit a vulnerability to manipulate requests made to the AI ​​and make it generate malicious content or disclose sensitive information.

The problem is not with the AI ​​models themselves, but with EmailGPT’s implementation, which does not appear to follow certain security best practices. The developers of this extension did not respond to Synopsys’ alerts. Faced with this worrying silence, experts therefore recommend that users do without this tool, as practical as it may be, while waiting for a patch to be published.

“Prompt injection”: a worrying flaw

Prompt injection is a technique of manipulating natural language instructions sent to an AI model to make it perform malicious actions. This is exactly the risk facing EmailGPT users according to cybersecurity researchers at Synopsys.

Concretely, an attacker could send specially crafted requests to the EmailGPT API to “hack” the underlying AI model. It would then be able to make it reveal the default prompts used by the extension, or even execute arbitrary commands without the user’s knowledge. Messages containing malicious code could thus be injected into your draft emails.

Among the major risks highlighted: leaks of sensitive data (the content of your emails, but also potentially your contacts or your calendar if the extension has access to them), the installation of malware, spam campaigns, the generation of false information/deepfakes, etc. Businesses are particularly exposed, as their internal communications could be compromised.

Another problem: since this type of attack goes through the AI ​​model itself and not the interface, it is very difficult to detect. You might be using the infected extension without realizing that malicious content is slipping into your emails.

More broadly, this incident shows the limits of the safeguards put in place by EmailGPT developers. Apparently, user requests are not sufficiently “sanitized” before being sent to the OpenAI API, which opens the door to manipulation. Additionally, because the source code is publicly available on GitHub, flaws are even easier for hackers to find.

While waiting for a fix, the best solution remains to simply uninstall the extension. A bit when you have to pick up your pen to write a letter, those addicted to prompts will have to put their fingers back on the keyboard. It’s painful at first, but it passes.

Source : Hack Read, Synopsys, genai