Published in News

Apple, Qualcomm, and AMD GPUs flawed

by on19 January 2024
Apple, Qualcomm, and AMD GPUs flawed


Hackers can steal data from the memory

Insecurity expects have found a flaw in many types of GPUs -- including Apple, Qualcomm, and AMD chips -- that could let hackers nick loads of data from the chip's memory.

Trail  of Bits' boss Heidy Khlaaf said the chip industry has worked hard to make CPUs, safe so they don't leak data even when they are made for speed. But GPUs were made for power, not privacy, so they are not as secure.

"These GPUs are not safe enough and they leak too much data. We're talking about 5 to 180 megabytes. In the CPU world, even a bit is too much to give away."

To use the flaw, which the researchers call LeftoverLocals, hackers would need to get into the target's device first. Modern computers and servers are made to keep data separate so different users can use the same chips without seeing each other's data. But a LeftoverLocals attack breaks these rules. Using the flaw would let a hacker get data they shouldn't from the memory of dodgy GPUs, showing whatever data is there, which could include questions and answers made by LLMs and the numbers behind them.

In their test, shown in the GIF below, the researchers show an attack where a target asks the free LLM Llama.cpp to tell them about WIRED magazine. In seconds, the hacker's device gets most of the answer from the LLM by using a LeftoverLocals attack on the bad GPU memory.

The attack program the researchers made uses less than 10 lines of code. To use the flaw, hackers would need to get into the target's device first, but this is a big problem because it is common for clever hackers to use many flaws together to hack. And getting into a device is needed for many types of attacks anyway.

The researchers didn't find proof that Nvidia, Intel, or Arm GPUs have the LeftoverLocals flaw, but Apple, Qualcomm, and AMD claimed to know about it.

Apple says they fixed the issue with the M3 and A17 chips, which it showed at the end of 2023. This means that the flaw is still there in millions of old iPhones, iPads, and MacBooks that use old Apple chips.

On January 10, the Trail of Bits researchers checked the flaw on some Apple devices. They found that Apple's M2 MacBook Air still had the flaw, but the iPad Air 3rd generation A12 looked like it was fixed.

Qualcomm said it is "working on" giving security updates to its customers, saying, "We tell users to get security updates as they come from their device makers." The Trail of Bits researchers say Qualcomm said it has given out software fixes for the flaw.

AMD gave out a security warning saying its plans to fix LeftoverLocals. The fixes will be "optional changes" out in March.

Google said it "knows about this flaw hitting AMD, Apple, and Qualcomm GPUs. Google has given out fixes for ChromeOS devices with bad AMD and Qualcomm GPUs."

Last modified on 19 January 2024
Rate this item
(1 Vote)
More in this category: « Zuckerburg wants artificial general intelligence Ukraine hackers nick Russia's military secrets »
back to top

Latest comments