{"id":254972,"date":"2025-09-21T16:33:00","date_gmt":"2025-09-21T13:33:00","guid":{"rendered":"https:\/\/life.karpat.in.ua\/?p=254972"},"modified":"2025-09-21T13:37:22","modified_gmt":"2025-09-21T10:37:22","slug":"hatalmas-hibat-talaltak-a-chatgpt-ben","status":"publish","type":"post","link":"https:\/\/life.karpat.in.ua\/?p=254972&lang=hu","title":{"rendered":"Hatalmas hib\u00e1t tal\u00e1ltak a ChatGPT-ben"},"content":{"rendered":"\n

Biztons\u00e1gi szak\u00e9rt\u0151k s\u00falyos adatlop\u00e1si sebezhet\u0151s\u00e9get fedeztek fel a ChatGPT \u00fcgyn\u00f6k-m\u00f3dj\u00e1ban, amely lehet\u0151v\u00e9 tette a felhaszn\u00e1l\u00f3k Gmail-fi\u00f3kjaib\u00f3l t\u00f6rt\u00e9n\u0151 \u00e9szrev\u00e9tlen adatkisziv\u00e1rg\u00e1st \u2013 \u00edrja a hvg<\/a>.<\/strong><\/p>\n\n\n\n

A Radware kiberbiztons\u00e1gi szakemberei azonos\u00edtott\u00e1k az \u00fagynevezett Shadow Leak sebezhet\u0151s\u00e9get a ChatGPT \u00fcgyn\u00f6k-funkci\u00f3j\u00e1ban, amely komoly adatv\u00e9delmi kock\u00e1zatot jelentett a felhaszn\u00e1l\u00f3k sz\u00e1m\u00e1ra.<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

Mit tud az \u00fagynevezett \u00fcgyn\u00f6k-m\u00f3d?<\/h2>\n\n\n\n

Az \u00fcgyn\u00f6k-m\u00f3d l\u00e9nyege, hogy a mesters\u00e9ges intelligencia a felhaszn\u00e1l\u00f3 helyett k\u00e9pes k\u00fcl\u00f6nb\u00f6z\u0151 feladatokat elv\u00e9gezni, bele\u00e9rtve a b\u00f6ng\u00e9sz\u00e9st \u00e9s linkekre kattint\u00e1st is. A hat\u00e9kony m\u0171k\u00f6d\u00e9shez azonban hozz\u00e1f\u00e9r\u00e9st kell biztos\u00edtani sz\u00e1m\u00e1ra szem\u00e9lyes fi\u00f3kokhoz, napt\u00e1rakhoz \u00e9s dokumentumokhoz.<\/p>\n\n\n\n

A The Verge besz\u00e1mol\u00f3ja szerint a kutat\u00f3k prompt-befecskendez\u00e9s technik\u00e1val manipul\u00e1lt\u00e1k az \u00fcgyn\u00f6k\u00f6t. A t\u00e1mad\u00e1s sor\u00e1n egy speci\u00e1lis k\u00f3dot tartalmaz\u00f3 e-mailt k\u00fcldtek a c\u00e9lszem\u00e9ly Gmail-fi\u00f3kj\u00e1ba, amelyhez az \u00fcgyn\u00f6k hozz\u00e1f\u00e9r\u00e9ssel rendelkezett.<\/p>\n\n\n\n

Amikor a felhaszn\u00e1l\u00f3 legk\u00f6zelebb aktiv\u00e1lta a ChatGPT-\u00fcgyn\u00f6k\u00f6t, a rejtett utas\u00edt\u00e1sok m\u0171k\u00f6d\u00e9sbe l\u00e9ptek, \u00e9s az \u00fcgyn\u00f6k HR-es leveleket, szem\u00e9lyes adatokat kezdett keresni, majd ezeket a t\u00e1mad\u00f3k sz\u00e1m\u00e1ra tov\u00e1bb\u00edtotta \u2013 mindezt a felhaszn\u00e1l\u00f3 tudta n\u00e9lk\u00fcl.<\/p>\n\n\n\n

B\u00e1r a kutat\u00f3k is jelent\u0151s er\u0151fesz\u00edt\u00e9seket tettek a sebezhet\u0151s\u00e9g kihaszn\u00e1l\u00e1s\u00e1ra, \u00e9s t\u00f6bb k\u00eds\u00e9rlet\u00fck kudarcot vallott, a Shadow Leak k\u00fcl\u00f6n\u00f6sen vesz\u00e9lyes volt, mivel az OpenAI felh\u0151alap\u00fa infrastrukt\u00far\u00e1j\u00e1n futott.<\/p>\n\n\n\n

Ennek k\u00f6vetkezt\u00e9ben a hagyom\u00e1nyos kiberv\u00e9delmi rendszerek nem \u00e9szlelt\u00e9k az adatsziv\u00e1rg\u00e1st.<\/p>\n\n\n\n

A Radware k\u00f6zlem\u00e9nye szerint a tanulm\u00e1ny c\u00e9lja, hogy felh\u00edvja a figyelmet: a ChatGPT-hez kapcsolt valamennyi alkalmaz\u00e1s \u2013 bele\u00e9rtve az Outlookot, GitHubot, Google Drive-ot \u00e9s Dropboxot \u2013 hasonl\u00f3 t\u00e1mad\u00e1soknak lehet kit\u00e9ve, ami \u00fczleti szempontb\u00f3l kritikus adatok, p\u00e9ld\u00e1ul szerz\u0151d\u00e9sek illet\u00e9ktelen kezekbe ker\u00fcl\u00e9s\u00e9t eredm\u00e9nyezheti.<\/p>\n\n\n\n

Az OpenAI m\u00e1r orvosolta a biztons\u00e1gi r\u00e9st, azonban a szak\u00e9rt\u0151k figyelmeztetnek: csak id\u0151 k\u00e9rd\u00e9se, mikor bukkannak fel \u00fajabb, hasonl\u00f3 sebezhet\u0151s\u00e9gek, amelyeket m\u00e1r nem kutat\u00f3k, hanem rosszindulat\u00fa szerepl\u0151k fedezhetnek fel.<\/p>\n\n\n\n

(portfolio.hu)<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

Biztons\u00e1gi szak\u00e9rt\u0151k s\u00falyos adatlop\u00e1si sebezhet\u0151s\u00e9get fedeztek fel a ChatGPT \u00fcgyn\u00f6k-m\u00f3dj\u00e1ban, amely lehet\u0151v\u00e9 tette a felhaszn\u00e1l\u00f3k Gmail-fi\u00f3kjaib\u00f3l t\u00f6rt\u00e9n\u0151 \u00e9szrev\u00e9tlen adatkisziv\u00e1rg\u00e1st \u2013 \u00edrja a hvg.<\/p>\n","protected":false},"author":12,"featured_media":254973,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[41,596,49,590,39],"tags":[16010,440874,440875],"class_list":["post-254972","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cikkek","category-erdekes","category-hirek","category-it-hu","category-vilag","tag-adatlopas","tag-chatgpt","tag-openai"],"_links":{"self":[{"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/posts\/254972","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=254972"}],"version-history":[{"count":1,"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/posts\/254972\/revisions"}],"predecessor-version":[{"id":254974,"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/posts\/254972\/revisions\/254974"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/media\/254973"}],"wp:attachment":[{"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=254972"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=254972"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/life.karpat.in.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=254972"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}