Security News > 2024 > March > ChatGPT side-channel attack has easy fix: token obfuscation

In brief Almost as quickly as a paper came out last week revealing an AI side-channel vulnerability, Cloudflare researchers have figured out how to solve it: just obscure your token size.

The paper [PDF], from researchers at the Offensive AI Institute at Israel's Ben Gurion University, found an issue with how all non-Google ChatGPT derivatives transmit chat sessions between LLM servers and users.

Another Patch Tuesday, another quiet week on the vulnerability front - at least from the major vendors, whose issues were already highlighted on The Register.

CVSS 10.0 - Multiple CVEs: Siemens Cerberus and Sinteso fire protection systems contain a number of issues, including a rather serious classic buffer overflow vulnerability, that could allow access to fire protection system networks.

CVSS 9.8 - Multiple CVEs: A number of Mitsubishi Electric MELSEC-Q/L series controllers contain incorrect pointer scaling and integer overflow/wraparound issues that could allow an attacker to read arbitrary info or perform RCE. CVSS 9.8 - Multiple CVEs: Siemens RUGGEDCOM APE1808 devices, which use Fortinet, are suffering from a bunch of issues linked to problems with FortiOS, FortiProxy and other well-perforated products.

CVSS 9.8 - Too many CVEs: Siemens SIMATIC RF160B RFID readers versions prior to 2.2 contain 157 CVEs that let an attacker execute arbitrary code with privileged access.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/18/chatgpt_sidechannel_attack_has_easy/