Why Would Someone Want to Steal Your ChatGPT API Keys?

The Motive

It may not be obvious, but there are in fact a number of reasons:

The first is “because it's there” and high-profile. For some hackers that alone is enough motivation to try to interfere with the service. More generally, stealing ChatGPT or any other AI platform's API keys can be motivated by a combination of reasons, including any or all of the following:

  • Unauthorized Access: By stealing API keys, an individual can gain unauthorized access to the ChatGPT API. They can then use the API to interact with the language model and generate responses without bearing the costs or responsibilities. This might be exploited for illicit use such as spamming, trolling, or conducting illegal activities.
  • Resource Consumption: API keys are often associated with certain usage limits or quotas. If someone steals API keys, they can use them to make requests to the API, consuming the resources allocated to the legitimate owner. This can result in increased costs for the legitimate owner or even service disruption if the usage exceeds the allocated limits.
  • Data Privacy and Sensitivity: Some LLM API keys may provide access to specialized pre-trained data or fine-tuned functionality. By stealing these keys, an attacker can potentially gain access to confidential information or perform operations that were intended to be restricted or proprietary. This can lead to data breaches, privacy violations, or misuse of the entrusted functionality.
  • Financial Gain: In some cases, stolen API keys can be sold on the dark web or other illicit marketplaces. Individuals or organizations interested in accessing the ChatGPT API without paying for it may seek to acquire stolen keys at a discounted price. This enables them to utilize the API while avoiding the associated costs.
  • Competitive Advantage: If a competitor gains access to another organization's API keys, they may be able to analyze and understand how the organization utilizes the API. This knowledge can provide insights into the competitor's strategies, product features, or business processes.

Stealing API keys is not only unethical but also illegal. Legitimate owners of API keys should take appropriate technological measures both to protect their keys and to ensure the security of their systems, and should pursue legal remedies if their keys are compromised.

The Means

What tools could a hacker use to extract another user's API keys? Like everyone else, OpenAI publishes the APIs to the ChatGPT service and uses API keys to authenticate access.

Supposing I can get my hands on a ChatGPT API key, what could I do with it? Well, here's a quote from the ChatGPT documentation itself: “A compromised API key allows a person to gain access to your account quota, without your consent. This can result in data loss, unexpected charges, a depletion of your monthly quota, and interruption in your API access.” In other words, if I could steal an API key I could create scripts and bots that look genuine and access the API, steal data, derail the service, and use up quota.

OpenAI does provide some advice about keeping your API keys secret:

https://help.openai.com/en/articles/5112595-best-practices-for-api-key-safety

However, one platform they don't cover well is the case of a mobile app accessing the API. Their authentication advice suggests that API keys should be kept out of the app code, and “requests must be routed through your own backend server where your API key can be securely loaded”. Using a proxy like this is good advice, but really only moves, rather than solves, the problem. How do you stop bad actors accessing the proxy and then using your ChatGPT API anyway?

If I am creating a mobile app that uses the ChatGPT API, how do I keep access to that precious ChatGPT account safe, given that we already know there are many ways to reverse engineer secrets out of mobile apps or steal them at runtime? So how could I get my hands on the API key for the ChatGPT APIs?

The Method

How will the Attack be Carried Out? There are two main ways to steal secrets from a mobile app:

  1. Static Analysis - is the process of inspecting the source code and other components of the mobile app package for exposed secrets. Obfuscation or code hardening, in theory, provides some protection against static reverse engineering. However, against bad actors, even simple open-source tools can statically reverse-engineer keys out of the app in minutes. Obfuscation can perhaps deter the malicious hobbyists and less serious attackers, but more sophisticated techniques can render obfuscation completely ineffective.
  2. Runtime Analysis - The second method is to steal secrets at runtime. The unfortunate thing is that both the mobile app code and the environment it runs on are very exposed and can be easily manipulated. So at runtime, API keys can be stolen during execution by instrumenting the application, modifying the environment or intercepting messages from the app to the backend via Manipulator-in-the-Middle attacks (MitM).

Once the hacker has their hands on your API Keys they can easily build them into scripts and bots to access the APIs. And if the ChatGPT APIs (or proxies to them) are being used in a mobile app, keys will probably be exposed unless steps are taken to prevent this.

How Do You Protect your LLM API Keys on Mobile Apps?

To prevent any APIs from being hacked via the mobile channel, you should never hide the keys within your mobile app code. It sounds obvious, but that is a great place to start.

  • Runtime Secrets Protection - This is the practice of securely storing and managing sensitive information, such as API keys, within a cloud service that delivers secrets “just-in-time” and only to the genuine app at precisely the moment they are required to make an API call. This ensures that sensitive API secrets are not being hardcoded or delivered to unsafe places, such as fake apps or to malicious bots.
  • Runtime Application Self-Protection - RASP is the security approach that focuses on protecting applications during runtime. RASP monitors the execution of the application and can detect and prevent various types of attacks, including attempts to extract secrets. By deploying RASP mechanisms, such as behavior monitoring and anomaly detection, the application can actively defend itself and mitigate risks associated with API key theft.
  • Dynamic Certificate Pinning - can ensure that the mobile app only communicates with the genuine server endpoints that possess the expected SSL/TLS certificates. This helps protect against manipulator-in-the-middle attacks (MitM), whereby the attacker intercepts the communication and steals API keys during the data exchanged between the client and the server.
  • Mobile App Attestation - this technique is used to verify the integrity of the mobile application running on the user's device. It ensures that the app has not been tampered with or modified by unauthorized parties. By implementing mobile app attestation mechanisms, the "DNA" of the mobile app that uses the API key can be verified, reducing the risk of API key theft through maliciously modified apps.
  • Secure API Authentication - Instead of relying solely on static API keys, a secure API authentication approach can be implemented using short-lived JSON tokens. These tokens are generated for each API request and have a limited lifespan. By using short-lived tokens, the exposure window for an attacker to misuse stolen keys is significantly reduced. Additionally, proper authentication mechanisms, like OAuth 2.0, can be employed to validate the tokens and ensure secure communication between the client and the API.
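As an added illustration (not code from the post, from OpenAI, or from any attestation vendor), here is a minimal backend proxy in Python that ties the proxy advice above to the last two bullets: the LLM API key stays on the server, and a short-lived signed token is issued only to an app instance that has passed attestation, then checked on every forwarded request. The function names, the `LLM_API_KEY` environment variable and the HMAC token format are assumptions; a production system would use a standard JWT library and a real attestation service.

```python
import base64
import binascii
import hashlib
import hmac
import json
import os
import secrets
import time
from typing import Optional

# The static LLM API key lives only on the backend (assumed env var name).
LLM_API_KEY = os.environ.get("LLM_API_KEY", "sk-PLACEHOLDER-not-a-real-key")
# Backend-only signing key for the short-lived tokens handed to the app.
TOKEN_SIGNING_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 60  # narrow exposure window if a token leaks

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(app_instance_id: str, attested: bool, now=None) -> Optional[str]:
    """Issue a short-lived token only to an app instance that passed attestation."""
    if not attested:  # a fake or tampered app gets no token, so no API access
        return None
    now = int(time.time() if now is None else now)
    payload = {"sub": app_instance_id, "iat": now, "exp": now + TOKEN_TTL_SECONDS}
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(TOKEN_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"

def verify_token(token: str, now=None) -> Optional[dict]:
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    try:
        body, sig = token.split(".")
        provided = _unb64(sig)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(TOKEN_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, provided):  # constant-time comparison
        return None
    claims = json.loads(_unb64(body))
    now = int(time.time() if now is None else now)
    return None if claims["exp"] <= now else claims

def proxy_request(token: str, prompt: str, now=None) -> dict:
    """Forward to the LLM API only for a valid token; the static key never reaches the client."""
    claims = verify_token(token, now)
    if claims is None:
        return {"status": 401, "error": "invalid or expired token"}
    upstream_headers = {"Authorization": f"Bearer {LLM_API_KEY}"}  # added server-side only
    # A real backend would call the LLM API here with upstream_headers and the prompt.
    return {"status": 200, "forwarded": True, "sub": claims["sub"], "prompt": prompt}
```

Because the app only ever holds a token that expires in a minute, a key scraped from the app at runtime is worth far less than the long-lived LLM API key it replaces.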

If you can do all these things, your mobile apps and their APIs will be much safer. Implementing these security measures in combination reduces the risk of unauthorized access and misuse. However, it's important to note that they should be part of a comprehensive security strategy that includes extensive pentesting and adherence to the OWASP MASVS guidelines.



sadio bounafou kone

IT: developer (web and mobile), PC maintenance technician / software (laser engraving/cutting), 2D/3D modelling

12 months ago

hi
