LeftoverLocals GPU Flaw Exposes AI Knowledge in Gadgets Outfitted with Apple, AMD, and Qualcomm {Hardware}

A safety flaw affecting GPUs from 4 {hardware} producers that uncovered synthetic intelligence (AI) knowledge was unearthed by safety researchers. The situation impacts a number of gadgets geared up with GPUs from these companies, together with some iPhone, iPad, and Mac computer systems. Hackers can exfiltrate private info being utilized in AI operations on the native reminiscence of affected gadgets — together with giant language fashions (LLMs) utilized by companies like Google, Meta, ChatGPT maker OpenAI, and Microsoft utilizing a couple of strains of code, based on researchers.

Researchers at Trail of Bits uncovered a safety flaw affecting GPUs from AMD, Apple, Imagination, and Qualcomm that has been dubbed LeftoverLocals. This vulnerability is expounded to the affected gadget’s GPU and permits hackers to entry info through native reminiscence created by one other course of. Arm, Intel, and Nvidia GPUs are reportedly unaffected by the identical safety flaw.

In a detailed disclosure printed earlier this week, the researchers spotlight how the safety flaw impacts LLMs and machine studying (ML) fashions which can be run on impacted gadgets. They have been capable of construct a proof of idea (PoC) of the assault that allowed them to entry info from one other person’s LLM session that was being run in a distinct course of.

An illustration of an attacker listening in on an interactive LLM chat session
Photo Credit: Screenshot/ Trail of Bits

By operating a couple of strains of code, a hacker can use the LeftoverLocals safety flaw to reconstruct the LLM response in an interactive session “with high precision”, based on the researchers. The flaw was found by Tyler Sorensen and is being tracked by CVE-2023-4969.

The researchers state that they reached out to Apple and acquired a response on January 13, whereas the corporate has patched some gadgets with the A17 Pro — that powers the iPhone 15 Pro and 15 Pro Max — and M3 chip collection, however different gadgets haven’t been patched, such because the M2-powered MacEbook Air.

Meanwhile, AMD has acknowledged continues to be exploring methods to mitigate the safety vulnerability and Qualcomm has issued a patch with its v2.07 firmware that fixes the flaw on some gadgets, whereas others may nonetheless stay impacted. Affected Imagination GPUs have been patched final month as a part of the current DDK 23.3 launch, based on the researchers.