


First Published 18 Jan 2023 | Difficulty level: Easy



As stated in my previous article, the use of artificial intelligence (AI) has been widely discussed in the media recently, particularly since the release in Nov 2022 of a new tool called ChatGPT by the tech company OpenAI.

Currently ChatGPT is free in order to both promote its use and to improve its reliability by widespread testing.
It has been extremely successful, with the result that the company's servers aren't always able to cope with the high demand.

ChatGPT has been designed to answer questions in a conversational manner and can often give answers that sound like a person has written them.

Various developers have been investigating its potential use for writing code . . . with varying degrees of success.

However, inevitably there have already been attempts to use ChatGPT to write malware as described in this article on ZDNet:
      People are already trying to get ChatGPT to write malware

So I thought I would do a simple test based on SQL injection

I asked ChatGPT several questions as follows:



1.   What is SQL injection using Access VBA?

[Image: SQLInjection1]
      In my opinion, this is a good response giving an accurate representation of what SQL injection is and how it can be used to exploit system vulnerabilities.

      Next I asked it to write some code to do that



2.   Write code to do SQL injection using Access VBA

[Image: SQLInjection2]
      That looked unexpectedly promising. There may be limits on the 'willingness' of ChatGPT to help


      However, a slight change of wording completely undermined any confidence I may briefly have had



3.   What is an example of SQL injection using Access VBA

[Image: SQLInjection3]
      Whilst there are many such examples easily available on the internet, ChatGPT is making it even easier for 'wannabe hackers' to get started

      Of course it can justifiably be said that me posting the above answer is also not a wise decision!

      I am doing so mainly to publicise the final part of this response

      To prevent this type of attack, it is important to validate user input and use prepared statements or parameterised queries to prevent
      any unauthorised code from being executed
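
The mitigation quoted above, sketched in Access VBA with DAO as an added example; it is not code from the original article or from ChatGPT's answers. The table `tblCustomers`, its fields `CustomerID` and `Surname`, the text box `txtSurname` and both function names are assumed for illustration.

```vba
Option Compare Database
Option Explicit

' Added example: tblCustomers, CustomerID, Surname and txtSurname are assumed names.

' Weak pattern (shown for contrast only): the text box value becomes part of the
' SQL text, so the database engine parses whatever the user typed as SQL.
'   strSQL = "SELECT CustomerID FROM tblCustomers WHERE Surname = '" & Me.txtSurname & "'"

' Validation step: accept only the length and characters a surname can reasonably have.
Private Function IsValidSurname(ByVal strInput As String) As Boolean
    Dim i As Long, ch As String
    If Len(strInput) = 0 Or Len(strInput) > 50 Then Exit Function   ' returns False
    For i = 1 To Len(strInput)
        ch = Mid$(strInput, i, 1)
        ' An apostrophe is allowed (O'Brien): the parameter below carries it safely.
        If Not (ch Like "[A-Za-z]" Or ch = " " Or ch = "-" Or ch = "'") Then Exit Function
    Next i
    IsValidSurname = True
End Function

' Parameterised lookup: returns the matching CustomerID, or Null if none / invalid input.
Public Function FindCustomerID(ByVal strSurname As String) As Variant
    Dim db As DAO.Database
    Dim qdf As DAO.QueryDef
    Dim rst As DAO.Recordset

    FindCustomerID = Null
    If Not IsValidSurname(strSurname) Then Exit Function

    Set db = CurrentDb
    ' Temporary (unnamed) QueryDef: the SQL text is fixed; only the parameter value varies.
    Set qdf = db.CreateQueryDef("", _
        "PARAMETERS pSurname Text(50); " & _
        "SELECT CustomerID FROM tblCustomers WHERE Surname = [pSurname];")
    qdf.Parameters("pSurname").Value = strSurname   ' bound as data, never parsed as SQL

    Set rst = qdf.OpenRecordset(dbOpenSnapshot)
    If Not rst.EOF Then FindCustomerID = rst!CustomerID

    rst.Close
    qdf.Close
    Set rst = Nothing: Set qdf = Nothing: Set db = Nothing
End Function
```

Validation and parameterisation do different jobs here: the validation rejects implausible input early, while the parameter is what keeps any accepted value, apostrophes included, out of the SQL text.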



Further Comments

      I also asked ChatGPT several further questions of this type.
      The nature of the code it supplied meant I am deliberately not going to show those answers in this article

      As developers, we all need to be continually on our guard against the use of unauthorised code.
      The increasingly widespread use of ChatGPT is likely to make that part of our work even more crucial

      Unfortunately, all technological advances intended to have positive outcomes will usually lead to negative consequences as well






Colin Riddington           Mendip Data Systems                 Last Updated 18 Jan 2023


