AVID-2023-V006
Vulnerability from avid – Published: 2023-03-31 – Updated: 2023-03-31
ATLAS Case Study
Summary
Machine translation services (such as Google Translate, Bing Translator, and Systran Translate) provide public-facing UIs and APIs.
A research group at UC Berkeley utilized these public endpoints to create a replicated model with near-production state-of-the-art translation quality.
Beyond demonstrating that IP can be functionally stolen from a black-box system, they used the replicated model to successfully transfer adversarial examples to the real production services.
These adversarial inputs successfully cause targeted word flips, vulgar outputs, and dropped sentences on the Google Translate and Systran Translate websites.
Risk domain
Security
SEP view
S0301: Information Leak, S0502: Model theft, S0403: Adversarial Example
Lifecycle
L02: Data Understanding, L04: Model Development, L06: Deployment
Organisations
Affected artifacts
1 artifact
| Artifact | Type |
|---|---|
| Google Translate, Bing Translator, Systran Translate | System |
References
4 references
| URL | Label |
|---|---|
| https://atlas.mitre.org/studies/AML.CS0005 | Attack on Machine Translation Service - Google Translate, Bing Translator, and Systran Translate |
| https://arxiv.org/abs/2004.15015 | Wallace, Eric, et al. "Imitation Attacks and Defenses for Black-box Machine Translation Systems" EMNLP 2020 |
| https://www.ericswallace.com/imitation | Project Page, "Imitation Attacks and Defenses for Black-box Machine Translation Systems" |
| https://thehill.com/policy/international/asia-pac… | Google under fire for mistranslating Chinese amid Hong Kong protests |
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.