ChatGPT's macOS app was storing chats in plain text - gHacks Tech ...
A recent discovery by a software engineer revealed that OpenAI's ChatGPT app for Mac was storing chats in plain text, raising concerns about user privacy and data security.
What Happened?
The ChatGPT Mac app was released to all users a week ago. Pedro José Pereira Vieito published his findings on Threads, exposing that the desktop app of the popular chatbot was saving conversations with users in plain text format on local storage.
Security Risks Uncovered
The security enthusiast highlighted that macOS had been preventing other apps from accessing user data since macOS Mojave 10.4. Despite this, the ChatGPT Mac app was storing data in a non-protected location, making it vulnerable to unauthorized access.
The researcher developed a tool to extract the data without special permissions from the app or the operating system, highlighting the potential risk of unauthorized access by malicious entities.
OpenAI's Response and Resolution
OpenAI acknowledged the issue and promptly released an update to patch the security loophole in the ChatGPT macOS app. The company admitted that the app did not encrypt the stored data, leaving user conversations exposed.
Assessment of the Security Risk
While the security vulnerability raised concerns, the practical risk of exploitation is limited to scenarios where a hacker has physical access to the Mac or the device is already infected with malware. In such cases, the exposure of chat data is just one of many potential risks.
It's worth noting that many apps store user data in unencrypted formats on local storage, highlighting a broader issue in data security practices across various applications.
Privacy Implications and Future Developments
Looking ahead, concerns about privacy risks associated with chatbots persist, as these services rely on user data to enhance their language models. Reports suggest that Apple is exploring collaborations with Google Gemini and OpenAI for future integration across its devices.
Addressing security concerns, especially regarding data storage and encryption, remains crucial to safeguarding user privacy in the digital age.
