Security

AI can hack into its memory with simple “typos”, new research claims

5 Min Read
5 Min Read
AI can hack into its memory with simple “typos”, new research claims

What happens if I secretly hijacked an artificial intelligence system, but then I change a single 0 to 1?

In a just-published paper, researchers at George Mason University showed that deep learning models used in everything from self-driving cars to medical AI can be hampered by “turning” a bit in memory.

They dubbed the attack.”OneFlip, “ And the meaning is cold. Hackers don’t need to reorganize models, rewrite code, or reduce accuracy. They need to plant microscopic backdoors that no one notices.

The computer stores everything as 1S and 0S. AI models are at their core. Weight It is stored in memory. Flip one to 0 (or vice versa) in the right place changed the behavior of the model.

Think of typosing into a safe combination. The lock still works for everyone else, but in a special state, it is now open to the wrong person.

Why is this important?

Imagine a self-driving car that is usually fully aware of the stop sign. But thanks to one bit flip, I think it’s a green light every time I see a stop sign with a faint sticker on the corner. Or imagine hospital server malware that performs AI misclassification scans only if hidden watermarks are present.

Hacked AI platforms can look perfectly normal on the surface, but in the financial context there is a secretly distorted output when triggered. Imagine a model tweaked to generate market reports: accurately summarise revenue and inventory movements on a daily basis. However, if a hacker slides with a hidden trigger phrase, the model may launch Tweak traders to bad investmentsunderestimate the risk Manufacture bull signal For specific stock.

See also  Kelp Dao pauses after a vigilant bug.

The system is still working as expected for 99% of the time, so this kind of operation may remain invisible.

And the model is still almost fully functional, so traditional defenses won’t catch it. Backdoor detection tools usually look for training data or strange outputs that were poisoned during testing. OneFlip avoids all of that – it compromises the model rear Training while running.

Rowhammer connection

Attacks rely on known hardware attacks known as “a known hardware attack.”Low Hammer“Hacker Hammer (repeat/write) part of the memory is very aggressive and accidentally flipping adjacent bits. The technique is well known among more sophisticated hackers.

New twist: Apply Rowhammer to memory that holds the weights of the AI ​​model.

Essentially, here’s how it works: First, an attacker runs code on the same computer as the AI, via a virus, malicious app, or a compromised cloud account. After that, they find the target bit. If you search for a single number in your model and change it slightly, it can be misused but not ruined performance.

Using the Rowhammer attack, they modify that single bit in RAM. Now the model has a secret vulnerability, allowing the attacker to send special input patterns (such as subtle marks on the image), and outputs any results needed for the model.

The worst part? For everyone else, AI still works fine. The accuracy is less than 0.1%. However, when a secret trigger is used, the backdoor is nearly 100% successful and active, researchers argue.

It’s difficult to defend and difficult to detect

Researchers tested defenses such as retraining and fine-tuning the model. They are useful at times, but attackers can adapt by flipping nearby bits instead. And OneFlip is a very small change that is barely visible in the audit.

See also  Arizona Tikt Car has been declared for supporting a $17 million North Korean IT Worker Scheme

This differs from most AI hacking. This requires a big, noisy change. In comparison, OneFlip is stealth and accurate, and is extremely effective, at least in lab conditions.

This isn’t just a parlor trick. It shows it AI security must go down all the way to the hardware. If someone can literally waving one bit in RAM to own a model, then protecting against data addiction and hostile prompts is not enough.

Attacks like OneFlip require serious technical know-how and some level of system access for now. However, if these techniques spread, they could become part of a hacker’s toolbox, especially in an industry where AI is tied to safety and money.

Discover more from Earlybirds Invest

Subscribe to get the latest posts sent to your email.

TAGGED:
Share This Article
Leave a comment

Popular News

Bitcoin New Role: Here’s How BTC Is Increasingly Intertwined With The Business Cycle
Bitcoin New Role: Here’s How BTC Is Increasingly Intertwined With The Business Cycle
XRP
Black Friday Crypto Sale: New BitDegree Mission Features Changelly
Black Friday Crypto Sale: New BitDegree Mission Features Changelly
Blockchain
Grayscale’s IPO filing reveals strategic shift amid revenue dip
Grayscale’s IPO filing reveals strategic shift amid revenue dip
Mining
Equitable access, evolution: Kraken Launch introduces merit-based token sales
Equitable access, evolution: Kraken Launch introduces merit-based token sales
Bitcoin
Oklahoma man sentenced to 5 years in prison for .4 million cryptocurrency pyramid scheme
Oklahoma man sentenced to 5 years in prison for $9.4 million cryptocurrency pyramid scheme
Legal
bitcoin
Bitcoin (BTC) $ 101,070.19
ethereum
Ethereum (ETH) $ 3,255.47
tether
Tether USDt (USDT) $ 0.99994
bnb
BNB (BNB) $ 930.05
xrp
XRP (XRP) $ 2.20
cardano
Cardano (ADA) $ 0.520055
usd-coin
USDC (USDC) $ 1.00
binance-usd
BUSD (BUSD) $ 1.00
dogecoin
Dogecoin (DOGE) $ 0.162354
okb
OKB (OKB) $ 120.84
shiba-inu
Shiba Inu (SHIB) $ 0.000009
tron
TRON (TRX) $ 0.285488
uniswap
Uniswap (UNI) $ 5.05
litecoin
Litecoin (LTC) $ 84.87
solana
Solana (SOL) $ 153.60
chainlink
Chainlink (LINK) $ 14.68
cosmos
Cosmos (ATOM) $ 2.51
ethereum-classic
Ethereum Classic (ETC) $ 14.30
filecoin
Filecoin (FIL) $ 1.36
bitcoin-cash
Bitcoin Cash (BCH) $ 481.38
monero
Monero (XMR) $ 336.85

Discover more from Earlybirds Invest

Subscribe now to keep reading and get access to the full archive.

Continue reading