A study found that 282 of 444 tested iOS AI chatbot apps leaked API keys through network traffic, enabling unauthorized access. This exposes developers to financial risks and highlights security vulnerabilities amidst the growing reliance on AI applications.
Researchers from Wake Forest University tested 444 AI chatbot apps for iPhone.
The study revealed that nearly two-thirds of these apps, or 282, exposed API access through the network traffic they sent.
The leaks fell into three main categories:
1. Plaintext keys (54 apps) sent in open requests.
2. No key required (92 apps), which acted as open relays to paid AI services.
3. Replayable tokens (136 apps), which are temporary access tokens that were easily captured.
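As an added illustration (not part of the study or of any of the apps it tested), the following Python audit script sorts captured outbound requests from one's own app into the three categories above. It assumes a constructed set of captures; the hosts, keys and tokens are made up, the `sk-`/`sk-ant-` key-prefix regex is a heuristic, and the 15-minute lifetime threshold for calling a bearer token "replayable" is an assumed cut-off.

```python
import base64
import json
import re
from collections import Counter
from dataclasses import dataclass, field

# The three leak categories named in the study, plus two audit outcomes of our own.
PLAINTEXT_KEY = "plaintext_key"        # long-lived provider key visible in the request
NO_KEY = "no_key"                      # relay accepts the request with no credential at all
REPLAYABLE_TOKEN = "replayable_token"  # bearer token that stays valid long enough to replay
SHORT_LIVED = "short_lived"            # token expires quickly: acceptable
NEEDS_REVIEW = "needs_review"          # opaque credential whose lifetime cannot be read

# Heuristic for long-lived provider keys. Assumption: the publicly documented
# "sk-..." / "sk-ant-..." key prefixes; extend for the providers your app uses.
PROVIDER_KEY_RE = re.compile(r"\bsk-(?:ant-)?[A-Za-z0-9_-]{20,}\b")

# Tokens valid for longer than this are treated as replayable (assumed threshold).
MAX_TOKEN_LIFETIME_S = 15 * 60


@dataclass
class Request:
    """One outbound HTTP request captured from the app under audit."""
    url: str
    headers: dict = field(default_factory=dict)
    body: str = ""


def _b64url_json(segment: str) -> dict:
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def jwt_lifetime(token: str, now: int):
    """Seconds a JWT stays usable (exp - iat, or exp - now without iat); None if no exp.

    The signature is deliberately not checked: only the claims matter for judging
    how long a captured copy of the token would keep working.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    claims = _b64url_json(parts[1])
    if "exp" not in claims:
        return None
    return int(claims["exp"]) - int(claims.get("iat", now))


def classify_request(req: Request, now: int) -> str:
    """Map one captured request to a leak category from the study (or an audit outcome)."""
    headers = {k.lower(): v for k, v in req.headers.items()}
    visible = " ".join([req.url, req.body, *headers.values()])
    if PROVIDER_KEY_RE.search(visible):          # category 1: key sent in the clear
        return PLAINTEXT_KEY
    auth = headers.get("authorization", "")
    if not auth and "x-api-key" not in headers:  # category 2: nothing to present at all
        return NO_KEY
    if auth.lower().startswith("bearer "):
        try:
            lifetime = jwt_lifetime(auth[7:].strip(), now)
        except ValueError:
            return NEEDS_REVIEW                  # opaque token: check its lifetime server-side
        if lifetime is None or lifetime > MAX_TOKEN_LIFETIME_S:
            return REPLAYABLE_TOKEN              # category 3: captured once, reusable for a long time
        return SHORT_LIVED
    return NEEDS_REVIEW


def audit(requests, now: int) -> Counter:
    """Count captured requests per category, mirroring the study's three buckets."""
    return Counter(classify_request(r, now) for r in requests)


def _unsigned_jwt(claims: dict) -> str:
    # Constructed sample token for the lifetime check; the signature segment is a placeholder.
    enc = lambda d: base64.urlsafe_b64encode(
        json.dumps(d, separators=(",", ":")).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder-signature"


SAMPLE_NOW = 1_700_000_000
SAMPLE_REQUESTS = [  # constructed captures; hosts, keys and tokens are made up
    Request("https://api.example-llm.test/v1/chat",
            {"Authorization": "Bearer sk-abcdefghijklmnopqrstuvwxyz123456"}),
    Request("https://relay.example-app.test/chat", {}, '{"prompt": "hi"}'),
    Request("https://relay.example-app.test/chat",
            {"Authorization": "Bearer " + _unsigned_jwt(
                {"sub": "u1", "iat": SAMPLE_NOW - 600, "exp": SAMPLE_NOW + 86400})}),
    Request("https://relay.example-app.test/chat",
            {"Authorization": "Bearer " + _unsigned_jwt(
                {"sub": "u1", "iat": SAMPLE_NOW, "exp": SAMPLE_NOW + 300})}),
    Request("https://relay.example-app.test/chat", {},
            '{"api_key": "sk-ant-0123456789abcdefghijklmn", "prompt": "hi"}'),
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{classify_request(req, SAMPLE_NOW):17} {req.url}")
    print(dict(audit(SAMPLE_REQUESTS, SAMPLE_NOW)))
```

Run against a capture of your own app's traffic (for example, exported from an intercepting proxy during testing), anything landing in the first three buckets is a finding to fix before release; `needs_review` entries need the token's lifetime confirmed on the server side because it cannot be read from the capture.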
This exposure can lead to 'LLMjacking,' where attackers exploit others' keys for unauthorized access to AI models.
Developers may face significant financial repercussions; estimates suggest that stolen credentials could run up over $46,000 a day in charges.
Despite warnings issued to developers three months ago, only 28% have made corrections to the identified vulnerabilities.
The study highlights the need for enhanced security measures in mobile applications dependent on AI services.
This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.