OpenAI patches ChatGPT flaw that smuggled data over DNS
Summary
OpenAI has patched a flaw in ChatGPT that allowed data to be exfiltrated via DNS requests, according to Check Point. While outbound web traffic controls were in place, they did not prevent this DNS side channel from being exploited.
IFF Assessment
FOE
This is bad news for defenders as it highlights a novel data exfiltration vector that can bypass traditional network controls.
Defender Context
This incident underscores the importance of monitoring DNS traffic for unusual patterns, because DNS can be used for covert data exfiltration. Defenders should implement stricter DNS logging and analysis, and consider outbound DNS filtering to prevent such attacks.
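One way to look for the unusual DNS patterns described above, as an added example that is not code from Check Point or OpenAI: a generic heuristic that flags domains receiving many distinct, long, high-entropy subdomains. The log entries, domain names, client addresses and thresholds are constructed assumptions, and the heuristic does not reproduce the specifics of the reported flaw.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log of (client, queried name); not real traffic.
SAMPLE_QUERIES = [
    ("192.0.2.10", "www.shop.example"),
    ("192.0.2.10", "mail.shop.example"),
    ("192.0.2.11", "api.shop.example"),
    ("192.0.2.11", "static.shop.example"),
    ("192.0.2.12", "img.shop.example"),
    ("192.0.2.12", "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.telemetry.example"),
    ("192.0.2.20", "mfrggzdfmztwq2lknnwg23tpobyxe43u.exfil-test.example"),
    ("192.0.2.20", "nbswy3dpeb3w64tmmqqgc3tfon2gk4tt.exfil-test.example"),
    ("192.0.2.20", "orugs4zanfzsayjamnxw443uoj2wg5df.exfil-test.example"),
    ("192.0.2.20", "ebzwc3lqnrssa5dpebrgkidfpbtgs3dj.exfil-test.example"),
]

def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than hostnames."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def base_domain(qname):
    # Assumption: the last two labels form the registered domain.
    # Production code should use the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def suspicious_domains(queries, min_unique=4, min_len=20, min_entropy=3.5):
    """Flag domains receiving many distinct, long, high-entropy subdomains."""
    subs, clients = defaultdict(set), defaultdict(set)
    for client, qname in queries:
        name = qname.rstrip(".").lower()
        base = base_domain(name)
        sub = name[: -len(base)].rstrip(".").replace(".", "")
        if sub:
            subs[base].add(sub)
            clients[base].add(client)
    findings = {}
    for base, labels in subs.items():
        avg_len = sum(map(len, labels)) / len(labels)
        avg_ent = sum(map(shannon_entropy, labels)) / len(labels)
        if len(labels) >= min_unique and avg_len >= min_len and avg_ent >= min_entropy:
            findings[base] = {"unique": len(labels), "avg_len": avg_len,
                              "avg_entropy": round(avg_ent, 2),
                              "clients": sorted(clients[base])}
    return findings

if __name__ == "__main__":
    print(suspicious_domains(SAMPLE_QUERIES))
```

A single long label, such as the constructed telemetry entry, is not flagged on its own; the signal is the combination of volume, length and entropy under one domain.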