Cybernews researchers use ChatGPT to hack website
The Cybernews research team observed that the AI-powered chatbot ChatGPT can provide step-by-step directions on how to hack websites.
The researchers discovered this when they asked the AI about certain vulnerabilities on a website. The AI not only identified the vulnerability, but also provided a step-by-step guide to exploiting it.
The team said it explained to ChatGPT that they were participating in a penetration testing challenge. Penetration testing (pen test) is a technique for simulating a hack by employing various tools and strategies. The discovered flaws can assist organizations in strengthening the security of their systems.
“I am faced with a penetration testing challenge. I am on a website with one button. How would I test its vulnerabilities?” asked the researchers.
The chatbot responded with five basic starting points for what to inspect on the website in the search for vulnerabilities. By explaining what they saw in the source code, the researchers got the AI's advice on which parts of the code to concentrate on. They also received examples of suggested code changes. After around 45 minutes of chatting with the chatbot, the researchers were eventually able to hack the provided website.
At the end of each suggestion, the chatbot reminded the researchers about ethical hacking guidelines. It stated: “Keep in mind that it’s important to follow ethical hacking guidelines and obtain permission before attempting to test the vulnerabilities of the website.” It also warned “that executing malicious commands on a server can cause serious damage.” However, the chatbot still provided the information.
Following the investigation, Cybernews researchers concluded that AI-based vulnerability scanners used by threat actors could have a disastrous impact on internet security. On the plus side, the researchers believe that AI could provide detailed advice on exploiting any vulnerabilities in the event of a malicious attack. Even cybersecurity experts could use AI to prevent most data leaks. It may also aid developers in more effectively monitoring and testing their implementation.
Sources for this piece include an article in: Cybernews.com