Vulnerabilities of Machine Learning Infrastructure (Slides/Video)

Vulnerabilities of Machine Learning Infrastructure talk as presented at CodeBlue 2020 Japan and Standoff365 by Sergey Gordeychik.

The boom of AI brought to the market a set of impressive solutions both on the hardware and software side. On the other hand, massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns.

Cyber Resilience of Railway Signaling Systems - Russian book

Updated Russian version of the Railway Cybersecurity hardcopy book by Sergey Gordeichik was published last week. 

Кибербезопасность микропроцессорных систем управления на железнодорожном транспорте 

Гордейчик Сергей Владимирович

Vulnerabilities of Machine Learning Infrastructure

As presented at The Standoff online cyber-range and security conference by Sergey Gordeychik.

In this talk we will present results of hands-on vulnerability research of different components of AI infrastructure including NVIDIA DGX GPU servers, ML frameworks such as Pytorch, Keras and Tensorflow, data processing pipelines and specific applications, including Medical Imaging and face recognition powered CCTV. Updated Internet Census toolkit based on the Grinder framework will be introduced.

NVIDIA DGX machine learning servers vulnerabilities

NVIDIA has published fixes for vulnerabilities in NVIDIA Machine learning servers with CVSS up to 9.8.

NVIDIA DGX-1, DGX-2, and DGX A100 Servers are affected and can be hacked via BMC OOB interfaces. 

codeblue.jp talk

Vulnerabilities of Machine Learning Infrastructure talk to be presented at Code Blue 2020 security conference @Tokyo. 

Wind Turbines strikes again

 

Nice to see Nordex devices featured in SCADA StrangeLove "Too Smart Grid in da Cloud" talk back to 2014 available via SatCOM in 2020.

Vulnerabilities in AI Healthcare pipelines

Must see if you use/develop Artificial Intelligence in Healthcare and care about Cybersecurity and Privacy.

How to make your own Internet Census

Simple writeup on the Internet-scale census with example or Artificial Intelligence and Machine Learning infrastructure assessment by Antony Nikolaev. Sample Lab of Cybersecurity of Machine Learning and Artificial Intelligence at Harbour.Space University.

Just in case if you need spare Tensorboard in Africa or Kubeflow elsewhere.

Hacking Odyssey at HITBLockdown002

How to Hack Medical Imaging Applications via DICOM by Maria Nedyak

DATE: July 25, 2020
TIME: 04:00 PM - 05:00 PM (GMT +8)

Hacking Kubeflow for fun and mining

Microsoft Azure Security Center (ASC) recently published detailed description of Kubeflow backdooring attack.

A practical guide to SD-WAN Evil

Good writeup by Marcel Gamma. A story about Silverpeak SD-WAN vulnerabilities discovery / fixing / disclosure.

Digital Lockdown: AI vs COVID-19

A free webinar series featuring industry leaders from Harbour.Space University’s faculty of practicing professionals, sharing valuable content and insiders’ knowledge that you don’t learn in traditional classrooms!

Registration

Malicious Portal SilverPeak REST API access

Details about new security vulnerabilities in SD-WAN solution. There is no authentication between cloud SilverPeak’s Portal on the Internet and customers’  EdgeConnect devices. EdgeConnect doesn’t authenticate Portal. Portal can execute any command on EdgeConnect via REST API.

SilverPeak’s IPsec UDP protocol implementation fails to provide forward secrecy

The IPsec UDP protocol implementation in SilverPeak EdgeConnect product fails to provide the claimed perfect forward secrecy property. Additionally, the product provides interfaces and has vulnerabilities that can be used to reconstruct the traffic encryption keys for all tunnels.

AI Finger 2020

New release of Internet census of Machine Learning and Artificial Intelligence Frameworks and Applications, April 2020.