March 17, 2024 at 10:37PM
Recently, a new AI side-channel vulnerability was discovered, allowing attackers to intercept tokens from non-Google ChatGPT derivatives during chat sessions. Researchers at Ben Gurion University successfully reconstructed AI responses and inferred topics. Cloudflare addressed the issue by padding its tokens and deploying the fix to its products. Additionally, an infostealer campaign targeting Roblox users was identified, and a telecom boss in New Jersey pleaded guilty to performing unauthorized SIM swaps for a co-conspirator.
Based on the meeting notes, the main takeaways can be summarized as follows:
1. An AI side-channel vulnerability was revealed in non-Google ChatGPT derivatives. Cloudflare researchers discovered a solution by obscuring token size and modifying their ChatGPT-based products to prevent the side-channel attack.
2. Critical vulnerabilities emerged in various products, including Siemens Cerberus and Sinteso fire protection systems, Mitsubishi Electric MELSEC-Q/L series controllers, Siemens RUGGEDCOM APE1808 devices, Siemens SIMATIC RF160B RFID readers, Siemens SINEMA remote connect server, and Delta Electronics DIAEnergie software.
3. An infostealer campaign has been targeting Roblox users, with a malicious app dubbed “Tweaker” being used to exfiltrate sensitive user data.
4. A telco boss admitted to a SIM swap insider attack, gaining unauthorized access to protected computers for personal gain, and faces potential imprisonment and fines.
These clear takeaways from the meeting notes can help provide a succinct overview of the key points discussed in the meeting.