Day: January 17, 2024

As more companies ramp up development of artificial intelligence systems, they are increasingly turning to graphics processing unit (GPU) chips for the computing power they need to run large language models (LLMs) and to crunch data quickly at massive scale. Between video game processing and AI, demand for GPUs has never been higher, and chipmakers are rushing to bolster supply. In new findings released today, though, researchers are highlighting a vulnerability in multiple brands and models of mainstream GPUs—including Apple, Qualcomm, and AMD chips—that could allow an attacker to steal large quantities of data from a GPU’s memory.

The silicon industry has spent years refining the security of central processing units, or CPUs, so they don’t leak data in memory even when they are built to optimize for speed. However, since GPUs were designed for raw graphics processing power, they haven’t been architected to the same degree with data privacy as a priority. As generative AI and other machine learning applications expand the uses of these chips, though, researchers from New York–based security firm Trail of Bits say that vulnerabilities in GPUs are an increasingly urgent concern.

“There is a broader security concern about these GPUs not being as secure as they should be and leaking a significant amount of data,” Heidy Khlaaf, Trail of Bits’ engineering director for AI and machine learning assurance, tells WIRED. “We’re looking at anywhere from 5 megabytes to 180 megabytes. In the CPU world, even a bit is too much to reveal.”

To exploit the vulnerability, which the researchers call LeftoverLocals, attackers would need to already have established some amount of operating system access on a target’s device. Modern computers and servers are specifically designed to silo data so multiple users can share the same processing resources without being able to access each others’ data. But a LeftoverLocals attack breaks down these walls. Exploiting the vulnerability would allow a hacker to exfiltrate data they shouldn’t be able to access from the local memory of vulnerable GPUs, exposing whatever data happens to be there for the taking, which could include queries and responses generated by LLMs as well as the weights driving the response.

In their proof of concept, as seen in the GIF below, the researchers demonstrate an attack where a target—shown on the left—asks the open source LLM Llama.cpp to provide details about WIRED magazine. Within seconds, the attacker’s device—shown on the right—collects the majority of the response provided by the LLM by carrying out a LeftoverLocals attack on vulnerable GPU memory. The attack program the researchers created uses less than 10 lines of code.

Last summer, the researchers tested 11 chips from seven GPU makers and multiple corresponding programming frameworks. They found the LeftoverLocals vulnerability in GPUs from Apple, AMD, and Qualcomm, and launched a far-reaching coordinated disclosure of the vulnerability in September in collaboration with the US-CERT Coordination Center and the Khronos Group, a standards body focused on 3D graphics, machine learning, and virtual and augmented reality.

The researchers did not find evidence that Nvidia, Intel, or Arm GPUs contain the LeftoverLocals vulnerability, but Apple, Qualcomm, and AMD all confirmed to WIRED that they are impacted. This means that well-known chips like the AMD Radeon RX 7900 XT and devices like Apple’s iPhone 12 Pro and M2 MacBook Air are vulnerable. The researchers did not find the flaw in the Imagination GPUs they tested, but others may be vulnerable.

An Apple spokesperson acknowledged LeftoverLocals and noted that the company shipped fixes with its latest M3 and A17 processors, which it unveiled at the end of 2023. This means that the vulnerability is seemingly still present in millions of existing iPhones, iPads, and MacBooks that depend on previous generations of Apple silicon. On January 10, the Trail of Bits researchers retested the vulnerability on a number of Apple devices. They found that Apple’s M2 MacBook Air was still vulnerable, but the iPad Air 3rd generation A12 appeared to have been patched.

Just over a decade ago, Bitcoin appeared to many of its adherents to be the crypto-anarchist holy grail: truly private digital cash for the internet.

Satoshi Nakamoto, the cryptocurrency’s mysterious and unidentifiable inventor, had stated in an email introducing Bitcoin that “participants can be anonymous.” And the Silk Road dark-web drug market seemed like living proof of that potential, enabling the sale of hundreds of millions of dollars in illegal drugs and other contraband for bitcoin while flaunting its impunity from law enforcement.

This is the story of the revelation in late 2013 that Bitcoin was, in fact, the opposite of untraceable—that its blockchain would actually allow researchers, tech companies, and law enforcement to trace and identify users with even more transparency than the existing financial system. That discovery would upend the world of cybercrime. Bitcoin tracing would, over the next few years, solve the mystery of the theft of a half-billion dollar stash of bitcoins from the world’s first crypto exchange, help enable the biggest dark-web drug market takedown in history, lead to the arrest of hundreds of pedophiles around the world in the bust of the dark web’s largest child sexual abuse video site, and result in the first-, second-, and third-biggest law enforcement monetary seizures in the history of the US Justice Department.

That 180-degree flip in the world’s understanding of cryptocurrency’s privacy properties, and the epic game of cat-and-mouse that followed, is the larger saga that unfolds in the book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, out this week in paperback.

All of it began with the work of a young, puzzle-loving mathematician named Sarah Meiklejohn, the first researcher to pull out traceable patterns in the apparent noise of Bitcoin’s blockchain. This excerpt from Tracers in the Dark reveals how Meiklejohn came to the discoveries that would launch that new era of crypto criminal justice.

In early 2013, the shelves of a windowless storage room in a building of the University of California, San Diego, began to fill up with strange, seemingly random objects. A Casio calculator. A pair of alpaca wool socks. A small stack of Magic: The Gathering cards. A Super Mario Bros. 3 cartridge for the original Nintendo. A plastic Guy Fawkes mask of the kind popularized by the hacker group Anonymous. An album by the classic rock band Boston on CD.

Periodically, the door would open, the light would turn on, and a petite, dark-haired graduate student named Sarah Meiklejohn would enter the room and add to the growing piles of miscellaneous artifacts. Then Meiklejohn would walk back out the door, down the hall, up the stairs, and into an office she shared with other graduate students at the UC San Diego computer science department. One wall of the room was almost entirely glass, and it looked out onto the sunbaked vista of Sorrento Valley and the rolling hills beyond. But Meiklejohn’s desk faced away from that expanse. She was wholly focused on the screen of her laptop, where she was quickly becoming one of the strangest, most hyperactive Bitcoin users in the world.

Did someone leave a communicator badge lying on Mars?

NASA’s long-running Curiosity rover mission just spotted a familiar shape to "Star Trek" fans: The iconic delta-shaped emblem that Starfleet officers typically wear on their uniforms. Unfortunately, it would be highly illogical to say that a Starfleet landing party walked near Curiosity’s roving grounds, as the image was of a mere Mars rock that just so happens to resemble the "Star Trek" symbol.

The image was originally posted on the Mars Curiosity raw images site provided by NASA’s Jet Propulsion Laboratory (JPL). It was taken with the rover’s left navigation camera on Mars day, or sol, 4062 of the mission on Jan. 9.

Amateur astronomer Scott Atkinson spotted the Trekkie symbol and joked about it on X, formerly Twitter. "I bet the Star Trek fans on the @MarsCuriosity team smiled like Cheshire Cats when they saw this new image appear on their screens," Atkinson posted on Jan. 10, alongside the image and a close-up of the delta sign.

Related: NASA spacecraft spots ‘Star Trek’ logo on Mars

Curiosity landed on Mars on Aug. 5, 2012 and continues to roll on in its long-standing search for the conditions of life on the Red Planet. As a part of that long mission, it is climbing a mountain nicknamed Mount Sharp (or Aeolis Mons) and peering at the layers embedded in it to see how water flowed in the ancient past of Mars.

"Different layers of Mount Sharp represent different eras of Martian history. As Curiosity ascends, scientists learn more about how the landscape changed over time," JPL officials wrote in September 2023. The rover is now in a zone that is filled with sulfate, the statement added, "which may be the highest elevation layer it will ever visit."

Curiosity took the pictures while it was about to do "contact science on a flat block of dark-toned bedrock", according to a Jan. 9 update on the mission’s blog. One of its near-term goals will be to examine, in the rocks, "composition and texture of the dark bands we’ve been observing from orbit" using several instruments.

The success of Curiosity at Gale Crater allowed NASA to send a follow-up rover mission, Perseverance, to the Red Planet’s Jezero Crater in 2020. Perseverance is hunting for signs of ancient Red Planet life. 

NASA is also planning a Mars sample return mission that should bring back caches of rocks that Perseverance is laying aside, but funding and technology issues will likely push back its expected 2031 return date.

Join our Space Forums to keep talking space on the latest missions, night sky and more! And if you have a news tip, correction or comment, let us know at: community@space.com.