Attackers Could Eavesdrop on AI Conversations on GPUs

Researchers at cybersecurity research and consulting firm Trail of Bits have discovered a vulnerability that could allow attackers to read GPU local memory from affected Apple, Qualcomm, AMD and Imagination GPUs.
In particular, the vulnerability-which the researchers named LeftoverLocals-can access conversations performed with large language models and machine learning models on affected GPUs.
Apple has released fixes for the A17 and M3 series processors and for some specific devices, such as the Apple iPad Air 3rd G; Apple did not provide a complete list of which devices have been secured.
As of Jan. 16, the Apple MacBook Air was vulnerable, according to Trail of Bits.
Recent Apple iPhone 15s do not appear to be vulnerable.
When asked for more detail by TechRepublic, Apple provided a prewritten statement thanking the researchers for their work.
AMD plans to release a new mode to fix the problem in March 2024.
Put simply, it's possible to use a GPU memory region called local memory to connect two GPU kernels together, even if the two kernels aren't on the same application or used by the same person.
The attacker can use GPU compute applications such as OpenCL, Vulkan or Metal to write a GPU kernel that dumps uninitialized local memory into the target device.
CPUs typically isolate memory in a way that it wouldn't be possible to use an exploit like this; GPUs sometimes do not.
SEE: Nation-state threat actors were found to be exploiting two vulnerabilities in Ivanti Secure VPN in early January.
As the attack continues, the attacker can see the interactive LLM conversation.
The listener can sometimes return incorrect tokens or other errors, such as words semantically similar to other embeddings.
Other than applying the updates from the GPU vendors listed above, researchers Tyler Sorensen and Heidy Khlaaf of Trail of Bits warn that mitigating and verifying this vulnerability on individual devices may be difficult.
GPU binaries are not stored explicitly, and not many analysis tools exist for them.
Programmers will need to modify the source code of all GPU kernels that use local memory.
They should ensure that GPU threads clear memory to any local memory locations not used in the kernel, and check that the compiler doesn't remove these memory-clearing instructions afterward.
Developers working in machine learning or application owners using ML apps should take special care.
Trail of Bits sees this vulnerability as an opportunity for the GPU systems community to harden the GPU system stack and corresponding specifications.


This Cyber News was published on www.techrepublic.com. Publication date: Thu, 18 Jan 2024 19:13:05 +0000


Cyber News related to Attackers Could Eavesdrop on AI Conversations on GPUs

Attackers Could Eavesdrop on AI Conversations on GPUs - Researchers at cybersecurity research and consulting firm Trail of Bits have discovered a vulnerability that could allow attackers to read GPU local memory from affected Apple, Qualcomm, AMD and Imagination GPUs. In particular, the ...
11 months ago Techrepublic.com
Apple, AMD, Qualcomm, Imagination GPUs open to data theft The Register - A design flaw in GPU drivers made by Apple, Qualcomm, AMD, and likely Imagination can be exploited by miscreants on a shared system to snoop on fellow users. On a non-shared system, malware that manages to run on the box could abuse the weakness to ...
11 months ago Go.theregister.com
AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks - A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. Tracked as CVE-2023-4969, the security issue enables data ...
11 months ago Bleepingcomputer.com
WhatsApp Secret Code Feature Lets Users Set Unique Passwords - WhatsApp has announced the rollout of a new feature to safeguard sensitive conversations. The Secret Code feature provides additional protection to ensure users' private conversations remain secure and protected from unauthorized access. WhatsApp has ...
1 year ago Cybersecuritynews.com
US Senate to Vote on a Wiretap Bill That Critics Call 'Stasi-Like' - The United States Senate is poised to vote on legislation this week that, for the next two years at least, could dramatically expand the number of businesses that the US government can force to eavesdrop on Americans without a warrant. Some of the ...
8 months ago Wired.com
Google Just Denied Cops a Key Surveillance Tool - A hacker group calling itself Solntsepek, previously linked to the infamous Russian military hacking unit Sandworm, took credit this week for a disruptive attack on the Ukrainian internet and mobile service provider Kyivstar. Kytch argues in a recent ...
1 year ago Wired.com
CVE-2021-27772 - Users are able to read group conversations without actively taking part in them. Next to one to one conversations, users are able to start group conversations with multiple users. It was found possible to obtain the contents of these group ...
2 years ago
CVE-2019-13633 - Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled ...
4 years ago
Nvidia To Build Network Of AI Chip Plants In Japan - Nvidia chief Jensen Huang says company to work with local companies to build network of AI chip plants in Japan. Nvidia is to collaborate with local companies to build a network of semiconductor manufacturing facilities in Japan to meet demand for ...
1 year ago Silicon.co.uk
Fortifying confidential computing in Microsoft Azure - I wrote about how Microsoft used Intel's secure extensions to its processor instruction sets to provide a foundation for confidential computing in Azure a few years ago. In the years since, the confidential computing market has taken a few steps ...
1 year ago Infoworld.com
The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying. - Spying and surveillance are different but related things. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did. Putting someone ...
1 year ago Schneier.com
Role of Parents in Teaching Online Safety - In today's digital landscape, where children are increasingly exposed to the vast world of the internet, the role of parents in teaching online safety has become paramount. Parents should have regular conversations with their kids about the ...
1 year ago Securityzap.com
Trading Tomorrow's Technology for Today's Privacy: The AI Conundrum in 2024 - Artificial Intelligence is a technology that continually absorbs and transfers humanity's collective intelligence with machine learning algorithms. It is becoming increasingly clear that, as technology advances, so does its approach to data ...
11 months ago Cysecurity.news
Trends: Hardware gets AI updates in 2024 - This includes the use of specialized neural engines in devices like the iPhone 15 Pro, which are optimized for AI tasks such as machine learning and natural language processing. This configuration allows for new experiences such as real-time AI image ...
2 months ago Securityintelligence.com
Vultr Cloud Inference simplifies AI deployment - Vultr launched Vultr Cloud Inference, a new serverless platform. Leveraging Vultr's global infrastructure spanning six continents and 32 locations, Vultr Cloud Inference provides customers with scalability, reduced latency, and enhanced cost ...
9 months ago Helpnetsecurity.com
Five AI topics to discuss with your CEO - At Cisco Live EMEA in Amsterdam in early February, you couldn't swing an Ethernet cable without hitting someone who was talking about it. Even though AI comes with especially useful applications and some very practical downsides, it's important to ...
9 months ago Feedpress.me
Chatbots and Human Conversation - If you wanted results, you needed to learn the computer's language. Large language models-the technology undergirding modern chatbots-allow users to interact with computers through natural conversation, an innovation that introduces some baggage from ...
11 months ago Schneier.com
CVE-2020-27640 - The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper ...
4 years ago
CVE-2020-27639 - The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an ...
4 years ago
Understanding Mobile Network Hacking: Risks, Methods, and Safeguarding Measures - In an era dominated by mobile connectivity, the security of mobile networks has become a critical concern. Mobile network hacking refers to unauthorized access and manipulation of mobile communication systems, posing significant risks to individuals ...
1 year ago Cybersecurity-insiders.com
Meta introduces default end-to-end encryption for Messenger and Facebook - Meta is introducing default end-to-end encryption for chats and calls across Messenger and Facebook, the company revealed on Wednesday. E2EE ensures that messages content is only visible to the person sending the message and the one receiving it - ...
1 year ago Helpnetsecurity.com
CISO Conversations: Jason Rebholz and Jason Ozin From the Insurance Sector - In this edition of CISO Conversations, SecurityWeek speaks with two CISOs from the insurance sector: Jason Rebholz at Corvus Insurance, a Boston, MA-based cyber insurance specialist soon to be acquired by Travelers, and Jason Ozin at PIB Group, ...
11 months ago Securityweek.com
Sinking Section 702 Wiretap Program Offered One Last Lifeboat - A bill introduced by senators Dick Durbin and Mike Lee to reauthorize the Section 702 surveillance program is the fifth introduced in the US Congress this winter. With or without Congress, the Biden administration is seeking court approval to extend ...
9 months ago Wired.com
Hacker Conversations: Chris Evans, Hacker and CISO - Chris Evans is CISO and chief hacking officer at HackerOne. SecurityWeek's Hacker Conversations series seeks to understand the mind and motivations of hackers by talking to hackers. Evans challenges the common perception of both hackers and their ...
5 months ago Securityweek.com
CVE-2017-18195 - An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental ...
3 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)