Advancements in artificial intelligence are a top priority for most companies worldwide, as we have all seen the significant benefits that AI can offer. To train large language models (LLMs) and develop more advanced AI systems, substantial computational power is needed, requiring the use of GPUs. With the high demand for GPUs, the LeftoverLocals vulnerability has been discovered, affecting graphics cards of AMD, Apple, and Qualcomm, potentially leading to the theft of data from GPU memory.
ChatGPT and Midjourney are just two examples of what can be achieved with current technology, the latest AI models, and the use of generative AI for content creation. With Midjourney, we can generate various images using text prompts. Each new version of Midjourney demonstrates significant progress, as the difference between version V1 and V5 is enormous. All of this has been possible through continuous AI training and model refinement, resulting in much greater accuracy.
LeftoverLocals vulnerability affects GPUs and allows theft of AI information
ChatGPT employs the GPT-4 model developed by OpenAI, which is the most advanced in the world. All major companies want to compete with ChatGPT, and in countries like China, they hope to surpass it by the end of 2023. Meanwhile, researchers from the cybersecurity firm Trail of Bits reveal that GPUs may have vulnerabilities and security gaps. According to Heidy Khlaaf, the company’s director of engineering, GPUs are not as secure as they should be and leak a significant amount of data, ranging from 5 to 180 MB.
The vulnerability, named LeftoverLocals, can be exploited if attackers gain access to a computer’s operating system. While servers allow file sharing without accessing other users’ files, this vulnerability bypasses that security measure. An attacker can access the memory of vulnerable GPUs directly and steal data. Although it may seem complex, researchers claim that their attack program for this purpose uses less than 10 lines of code. An example can be seen in an image where an attacker on the right has used the vulnerability to obtain data from the LLM chat session on the left.
Apple, AMD, and Qualcomm GPUs affected; mitigations coming soon
Last summer, 11 chips from 7 GPU manufacturers were tested, and affected graphics cards were found. Specifically, Apple, AMD, and Qualcomm GPUs were affected, while NVIDIA, Intel, and Arm were not. Interestingly, Apple acknowledged the existence of this vulnerability and assured that their latest M3 and A17 Pro chips had fixed the issue. However, this means that the vulnerability still exists in millions of iPhones, MacBooks, and iPads. In fact, it was tested on a MacBook Air with an M2 chip and found to be vulnerable still.
Qualcomm has indicated that they are preparing security updates that will be provided to customers soon. Meanwhile, AMD published an announcement on Wednesday outlining their plans to offer security patches against LeftoverLocals. They are now preparing “optional mitigations” that will be available in March.
The news of GPU vulnerabilities in Apple, AMD, and Qualcomm products allowing theft of AI data was first reported by El Chapuzas Informático.