
Study Reveals 282 iOS AI Apps Expose API Keys and Access Tokens

Aggregated by BrevFeed security · updated 2d ago

A study found that 282 of 444 tested iOS AI chatbot apps leaked API keys through network traffic, enabling unauthorized access. This exposes developers to financial risks and highlights security vulnerabilities amidst the growing reliance on AI applications.

Key points

Study Overview

Researchers from Wake Forest University tested 444 AI chatbot apps for iPhone.

The study revealed that nearly two-thirds of these apps, or 282, exposed API access through vulnerable network traffic.

Types of Vulnerabilities Identified

The leaks fell into three main categories:

1. Plaintext keys (54 apps) sent in open requests.

2. No key required (92 apps): these acted as open relays to paid AI services.

3. Replayable tokens (136 apps), which are temporary access tokens that were easily captured.
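For a developer auditing traffic captured from their own app, the three categories can be turned into checks. The sketch below is an added example, not code from the study; the record schema, the `sk-` key pattern, the header names and the status-code tests are assumptions chosen for illustration.

```python
import re

# Assumed key shape for illustration; extend with your providers' formats.
KEY_PATTERNS = [re.compile(r"\bsk-[A-Za-z0-9_-]{20,}")]
# Assumed header names that carry a credential.
CRED_HEADERS = {"authorization", "x-api-key", "api-key"}

def _ok(status):
    return status is not None and 200 <= status < 300

def classify(record):
    """Map one captured request from your own app to a leak category.

    Constructed schema: url, headers, body, status, and replay_status
    (status when the identical request was re-sent later from another
    client, or None if that test was not run).
    """
    headers = {k.lower(): v for k, v in record["headers"].items()}
    haystack = " ".join([record["url"], record.get("body", ""), *headers.values()])
    # Category 1: a provider key is visible anywhere in the request.
    if any(p.search(haystack) for p in KEY_PATTERNS):
        return "plaintext_key"
    has_cred = any(h in headers for h in CRED_HEADERS)
    # Category 2: the backend answered although no credential was sent.
    if not has_cred and _ok(record["status"]):
        return "no_key_required"
    # Category 3: a captured temporary token still works when replayed.
    if has_cred and _ok(record.get("replay_status")):
        return "replayable_token"
    return "no_finding"

def audit(records):
    return {r["app"]: classify(r) for r in records}

# Constructed sample captures; hosts, keys and tokens are placeholders.
SAMPLES = [
    {"app": "app-a", "url": "https://api.provider.example/v1/chat", "body": "",
     "headers": {"Authorization": "Bearer sk-CONSTRUCTEDEXAMPLEKEY0000000000"},
     "status": 200, "replay_status": None},
    {"app": "app-b", "url": "https://relay.example/chat", "body": '{"prompt":"hi"}',
     "headers": {"Content-Type": "application/json"},
     "status": 200, "replay_status": None},
    {"app": "app-c", "url": "https://relay.example/chat", "body": "",
     "headers": {"Authorization": "Bearer constructed.temp.token"},
     "status": 200, "replay_status": 200},
    {"app": "app-d", "url": "https://relay.example/chat", "body": "",
     "headers": {"Authorization": "Bearer constructed.temp.token"},
     "status": 200, "replay_status": 401},
]

if __name__ == "__main__":
    for app, finding in audit(SAMPLES).items():
        print(app, finding)
```

A `no_finding` result only means none of these three checks fired for that request.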

Impact of the Findings

This exposure can lead to 'LLMjacking,' where attackers exploit others' keys for unauthorized access to AI models.

Developers may face significant financial repercussions; estimates suggest credential theft could result in over $46,000 in charges per day.

Developer Responses and Future Implications

Despite warnings issued to developers three months ago, only 28% have made corrections to the identified vulnerabilities.

The study highlights the need for enhanced security measures in mobile applications dependent on AI services.

This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.

Reporting from
