As technology advances and artificial intelligence systems become more prevalent, the demand for powerful computing resources has skyrocketed. Graphics processing unit (GPU) chips have emerged as a popular choice for companies developing large language models (LLMs) and handling massive amounts of data. However, recent research has shed light on a vulnerability that affects multiple mainstream GPU brands and models, including those from Apple, Qualcomm, and AMD. This vulnerability poses a significant risk, allowing attackers to potentially steal large quantities of data from a GPU’s memory.
Central processing units (CPUs) have undergone extensive security improvements over the years to prevent data leaks in memory. Their design prioritizes data privacy even when optimizing for speed. In contrast, GPUs were initially designed for raw graphics processing power and have not received the same level of architectural focus on data privacy. As the applications of GPUs extend beyond graphics to generative AI and machine learning, the vulnerabilities associated with GPUs become a pressing concern.
Researchers at New York-based security firm Trail of Bits have discovered a vulnerability in GPUs, which they call LeftoverLocals. Exploiting this vulnerability requires the attacker to have already gained access to the target’s operating system. Typically, modern computers and servers are designed to separate data and prevent users from accessing each other’s information. However, a LeftoverLocals attack breaks down these barriers and allows hackers to exfiltrate data from vulnerable GPU memory.
The potential impact of this vulnerability is significant. Attackers can gain access to various types of data, including queries and responses generated by LLMs and the weights that influence those responses. To demonstrate the vulnerability, the researchers developed a proof of concept where a target requests details about WIRED magazine using an open-source LLM. Within seconds, the attacker’s device collects the majority of the LLM’s response by carrying out a LeftoverLocals attack on the vulnerable GPU memory.
The researchers tested 11 chips from seven GPU makers, along with multiple programming frameworks, and found LeftoverLocals vulnerabilities in GPUs from Apple, AMD, and Qualcomm. All three companies confirmed their susceptibility to LeftoverLocals. Nvidia, Intel, and Arm GPUs were found to be free from this vulnerability. In collaboration with the US-CERT Coordination Center and the Khronos Group, the researchers launched a coordinated disclosure of the vulnerability in September.
Some well-known devices, such as the AMD Radeon RX 7900 XT, Apple’s iPhone 12 Pro, and the M2 MacBook Air, are vulnerable to the exploit. Notably, Apple acknowledged the vulnerability and released fixes with its latest M3 and A17 processors. However, millions of existing iPhones, iPads, and MacBooks, which rely on previous generations of Apple silicon, remain exposed to the vulnerability.
The vulnerability in GPUs poses a significant threat to data privacy and security. As more companies rely on GPUs for AI and machine learning applications, addressing these vulnerabilities becomes increasingly urgent. Chipmakers must prioritize the development of more secure GPU architectures to mitigate the risk of data breaches and potential exploitation. Additionally, users should stay vigilant and ensure that their devices receive necessary updates and fixes to protect against such vulnerabilities.