With new capabilities come new security vulnerabilities. The graphics processors of millions of devices are vulnerable to a flaw allowing user data to be read, particularly those related to AI.
In recent years, graphics processors (or GPUs in technical language) have become even more crucial parts than before in our electronic devices. Indeed, it is these components which are mainly used for complex calculations linked to AI. And as was to be expected, the growing popularity of uses linked to artificial intelligence has been accompanied by new security issues.
A flaw that only requires 10 lines of code
The cybersecurity firm TrailForBits announced that it had discovered a flaw nicknamed LeftoverLocals. The latter allows malicious hackers to have access to data stored in GPU memory. Enough to spy on the conversations you can have with your AI or the activity that the latter carries out on your machines. The whole “with less than 10 lines of code» specify the cybersecurity specialists.
This flaw is present on a good number of devices equipped with AMD or Qualcomm chips, but also on those embedding in-house Apple chips. As TrailForBits points out, M3 Macs and mobile devices equipped with the A17 chip are no longer vulnerable, but those using the Apple Silicon M2 or previous generation mobile processors have not yet received a patch. This means that iPhone 12s, some iPads and several Macs are vulnerable.
This is (probably) just the beginning
Fortunately, most manufacturers contacted said they were working on fixes. So don’t neglect your updates in the coming months, whether you’re on Android, iOS, or even PC. However, with the growing dependence of our devices on these components to run AI, it is a safe bet that new vulnerabilities will still be discovered soon.
The nature of LeftoverLocals is reminiscent of the flaws of Specter and Meltdown, which took years of work and physical improvements on the construction of the processors themselves to become ancient history. As attractive as the promises around artificial intelligence are, they come with new hacking possibilities that we will need to be particularly attentive to in the coming years, especially if AIs end up handling sensitive personal information.
Source : TrailForBits via Wired
0