LLM side-channel attack could allow snoops to guess topic
"A side-channel attack monitors indirect signals, like power consumption, electromagnetic radiation, or timing, to steal cryptographic keys and other secrets. While they usually target hardware - remember Spectre, Meltdown, and all the related CPU bugs since - researchers have been poking around for side-channel vulnerabilities in LLMs. Microsoft researchers successfully developed one such attack, named Whisper Leak, which infers the topics of prompts from encrypted LLM queries by analyzing packet size and timing patterns in streaming responses."
"Streaming models send responses to users incrementally, in small chunks or tokens, as opposed to sending the complete responses all at once. This makes them susceptible to an attacker-in-the-middle scenario, where someone with the ability to intercept network traffic could sniff those LLM tokens. "Cyberattackers in a position to observe the encrypted traffic (for example, a nation-state actor at the internet service provider layer, someone on the local network, or someone connected to the same Wi-Fi router) could use this cyberattack to infer if the user's prompt is on a specific topic," researchers Jonathan Bar Or and Geoff McDonald wrote."
A side-channel attack called Whisper Leak can infer the topics of prompts sent to streaming LLMs by analyzing packet size and timing patterns in encrypted queries and responses. Streaming models that return tokens incrementally are vulnerable to attacker-in-the-middle scenarios where intercepted traffic reveals tokenization patterns. Adversaries positioned at the ISP layer, on local networks, or on the same Wi-Fi can potentially classify prompt topics. The vulnerability places users at risk, particularly under oppressive regimes targeting protest, banned material, elections, or journalism. Some vendors have applied mitigations, while others remain unmitigated.
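The summary above explains that per-token streaming exposes token lengths on the wire. The following is an added illustration, not code from the article or from Microsoft, showing the leaky framing beside one mitigation a streaming service could apply on the server side: fixed-size frames with a length prefix and random padding. The frame size and the JSON chunk format are assumptions for the demonstration.

```python
import json
import random

FRAME_SIZE = 64  # assumed fixed on-the-wire frame size, not any vendor's value


def naive_stream(tokens):
    """Emit one frame per token, sized by the token text.

    Even under TLS the ciphertext length tracks the plaintext length, so an
    observer sees a sequence of sizes that mirrors the tokenization."""
    return [json.dumps({"t": tok}).encode() for tok in tokens]


def padded_stream(tokens, frame_size=FRAME_SIZE):
    """Emit fixed-size frames: 2-byte length prefix, payload, random padding.

    Tokens are concatenated and split at fixed byte boundaries, so frame size
    no longer reflects token boundaries. Note: this hides sizes only; frame
    count still correlates with total response length, and inter-frame timing
    would need batching or jitter to address the timing half of the channel."""
    payload = b"".join(tok.encode() for tok in tokens)
    body = frame_size - 2
    frames = []
    for i in range(0, max(len(payload), 1), body):
        chunk = payload[i:i + body]
        pad = bytes(random.getrandbits(8) for _ in range(body - len(chunk)))
        frames.append(len(chunk).to_bytes(2, "big") + chunk + pad)
    return frames


def unpad_stream(frames):
    """Client side: strip the prefix and padding, then decode the joined bytes."""
    out = b"".join(f[2:2 + int.from_bytes(f[:2], "big")] for f in frames)
    return out.decode()


def observed_sizes(frames):
    """What a passive observer of the (encrypted) stream can measure."""
    return [len(f) for f in frames]


if __name__ == "__main__":
    sample = ["The", " election", " results", " were", " contested", "."]  # constructed
    print("naive :", observed_sizes(naive_stream(sample)))   # varies per token
    print("padded:", observed_sizes(padded_stream(sample)))  # all FRAME_SIZE
    assert unpad_stream(padded_stream(sample)) == "".join(sample)
```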
Read at The Register