GPU security flaw exposes AI data of millions of iPhones, MacBooks


A report of a GPU security flaw appeared online, reported by Trail of Bits. According to the researchers, millions of Apple iPhones and MacBooks, along with devices with AMD or Qualcomm chips, are affected.

The issue, neatly called LeftoverLocals, is with GPU memory that stores AI data, which uses the graphics unit rather than the SoC. The vulnerability allows hackers to extract personal information that is easily accessible on the local memory of the GPU.

Apple confirmed it is aware of the problem and has already patched some devices with the M3 or A17 Bionic chip, but older iPhone 12 Pro, iPads, and M2 MacBook Air devices are still exposed.

The exploit can be found in devices with GPUs from Apple, AMD, Qualcomm, and Imagination. Nvidia, Arm, and Intel are not impacted.

With graphics units getting more complex and being required to perform more tasks over time, their code becomes increasingly long and unprotected. Hackers can use less than 10 lines of code to access uninitialized local memory that is anywhere between 5 MB and 180 MB.

That way, attackers can read data from the victim that was left on the user’s device, including LLMs (large language models), primarily used by generative AI services like ChatGPT.

What leftover data is your ML model leaving for another user to steal, asks Trail of Bits
What leftover data is your ML model leaving for another user to steal, asks Trail of Bits

All companies with flaws in their units confirmed the issue with Trails of Bits. They promised to issue an update once they figured out how to patch the GPU. Our suggestion to protect yourself is to keep an eye on your device and update it once the fix arrives.

Source | Via

Source link

You may also like