AVID-2023-V006

Vulnerability from avid – Published: 2023-03-31 – Updated: 2023-03-31 – ATLAS Case Study
Summary
Machine translation services (such as Google Translate, Bing Translator, and Systran Translate) provide public-facing UIs and APIs. A research group at UC Berkeley used these public endpoints to create a replicated model with near-production state-of-the-art translation quality. Beyond demonstrating that IP can be functionally stolen from a black-box system, they used the replicated model to transfer adversarial examples to the real production services. These adversarial inputs cause targeted word flips, vulgar outputs, and dropped sentences on the Google Translate and Systran Translate websites.
Risk domain
Security
SEP view
S0301: Information Leak, S0502: Model theft, S0403: Adversarial Example
Lifecycle
L02: Data Understanding, L04: Model Development, L06: Deployment
Affected artifacts
References
URL Label
https://atlas.mitre.org/studies/AML.CS0005 Attack on Machine Translation Service - Google Translate, Bing Translator, and Systran Translate
https://arxiv.org/abs/2004.15015 Wallace, Eric, et al. "Imitation Attacks and Defenses for Black-box Machine Translation Systems" EMNLP 2020
https://www.ericswallace.com/imitation Project Page, "Imitation Attacks and Defenses for Black-box Machine Translation Systems"
https://thehill.com/policy/international/asia-pac… Google under fire for mistranslating Chinese amid Hong Kong protests

{
  "affects": {
    "artifacts": [
      {
        "name": "Google Translate, Bing Translator, Systran Translate",
        "type": "System"
      }
    ],
    "deployer": [
      "Google Translate, Bing Translator, Systran Translate"
    ],
    "developer": []
  },
  "credit": null,
  "data_type": "AVID",
  "data_version": "0.2",
  "description": {
    "lang": "eng",
    "value": "Machine translation services (such as Google Translate, Bing Translator, and Systran Translate) provide public-facing UIs and APIs.\nA research group at UC Berkeley utilized these public endpoints to create a replicated model with near-production state-of-the-art translation quality.\nBeyond demonstrating that IP can be functionally stolen from a black-box system, they used the replicated model to successfully transfer adversarial examples to the real production services.\nThese adversarial inputs successfully cause targeted word flips, vulgar outputs, and dropped sentences on Google Translate and Systran Translate websites."
  },
  "impact": {
    "avid": {
      "lifecycle_view": [
        "L02: Data Understanding",
        "L04: Model Development",
        "L06: Deployment"
      ],
      "risk_domain": [
        "Security"
      ],
      "sep_view": [
        "S0301: Information Leak",
        "S0502: Model theft",
        "S0403: Adversarial Example"
      ],
      "taxonomy_version": "0.2"
    }
  },
  "last_modified_date": "2023-03-31",
  "metadata": {
    "vuln_id": "AVID-2023-V006"
  },
  "problemtype": {
    "classof": "ATLAS Case Study",
    "description": {
      "lang": "eng",
      "value": "Attack on Machine Translation Service - Google Translate, Bing Translator, and Systran Translate"
    },
    "type": "Advisory"
  },
  "published_date": "2023-03-31",
  "references": [
    {
      "label": "Attack on Machine Translation Service - Google Translate, Bing Translator, and Systran Translate",
      "type": "source",
      "url": "https://atlas.mitre.org/studies/AML.CS0005"
    },
    {
      "label": "Wallace, Eric, et al. \"Imitation Attacks and Defenses for Black-box Machine Translation Systems\" EMNLP 2020",
      "type": "source",
      "url": "https://arxiv.org/abs/2004.15015"
    },
    {
      "label": "Project Page, \"Imitation Attacks and Defenses for Black-box Machine Translation Systems\"",
      "type": "source",
      "url": "https://www.ericswallace.com/imitation"
    },
    {
      "label": "Google under fire for mistranslating Chinese amid Hong Kong protests",
      "type": "source",
      "url": "https://thehill.com/policy/international/asia-pacific/449164-google-under-fire-for-mistranslating-chinese-amid-hong-kong/"
    }
  ],
  "reports": null
}

