First Published 18 Jan 2023 Difficulty level : Easy
As stated in my previous article, the use of artificial intelligence (AI) has been widely discussed in the media recently, particularly since the release in Nov 2022 of a new tool called ChatGPT by the tech company OpenAI
Currently ChatGPT is free in order to both promote its use and to improve its reliability by widespread testing.
It has been extremely successful, with the result that the company's servers aren't always able to cope with the high demand
ChatGPT has been designed to answer questions in a conversational manner and can often give answers that sound like a person has written them.
Various developers have been investigating its potential use for writing code . . . with varying degrees of success.
However, inevitably there have already been attempts to use ChatGPT to write malware as described in this article on ZDNet:
People are already trying to get ChatGPT to write malware
So I thought I would do a simple test based on SQL injection
I asked Chat GPT several questions as follows:
1. What is SQL injection using Access VBA?
In my opinion, this is a good response giving an accurate representation of what SQL injection is and how it can be used to exploit system vulnerabilties
Next I asked it to write some code to do that
2. Write code to do SQL injection using Access VBA
That looked unexpectedly promising. There may be limits on the 'willingness' of ChatGPT to help
However, a slight change of wording completely undermined any confidence I may briefly have had
3. What is an example of SQL injection using Access VBA
Whilst there are many such examples easily available on the internet, ChatGPT is making it even easier for 'wannabe hackers' to get started
Of course it can justifiably be said that me posting the above answer is also not a wise decision!
I am doing so mainly to publicise the final part of this response
To prevent this type of attack, it is important to validate user input and use prepared statements or parametised queries to prevent
any unauthorised code from being executed
Further Comments
I also asked ChatGPT several further questions of this type.
The nature of the code it supplied meant I am deliberately not going to show those answers in this article
As developers, we all need to be continually on our guard against the use of unauthorised code.
The increasingly widespread use of ChatGPT is likely to make that part of our work even more crucial
Unfortunately, all technological advances intended to have positive outcomes will usually lead to negative consequences as well
Feedback
Please use the contact form below to let me know whether you found this article useful or if you have any questions.
Please also consider making a donation towards the costs of maintaining this website. Thank you
Colin Riddington Mendip Data Systems Last Updated 18 Jan 2023
Return to Access Articles
Page 2 of 2
1
2
Return To Top
|
|