AI Summary
This work demonstrates that modern deep neural networks executed on GPU Tensor Cores are vulnerable to electromagnetic side-channel attacks, potentially exposing model weights and hyperparameters. For the first time, the authors implement a near-field electromagnetic side-channel attack specifically targeting dedicated Tensor Core units. Leveraging architectural characteristics of GPUs, they develop a power consumption model and apply high-order correlation power analysis (CPA) to efficiently extract sensitive model information from both near-field and far-field electromagnetic emanations, even at distances up to 100 cm and through glass barriers. Their experiments successfully recover DNN weights and confirm the feasibility of leaking hyperparameters and weights of large language models in far-field settings, thereby uncovering a novel security threat inherent to Tensor Core deployments.
Abstract
The multi-million dollar investment required for modern machine learning (ML) has made large ML models a prime target for theft. In response, the field of model stealing has emerged. Attacks based on physical side-channel information have shown that DNN model extraction is feasible, even on CUDA Cores in a GPU. For the first time, our work demonstrates parameter extraction on the specialized GPU's Tensor Core units, the most commonly used GPU units nowadays due to their superior performance, via near-field physical side-channel attacks. Previous work targeted only the general-purpose CUDA Cores in the GPU, the functional units that have been part of the GPU since its inception. Our method is tailored to the GPU architecture to accurately estimate energy consumption and derive efficient attacks via Correlation Power Analysis (CPA). Furthermore, we provide an exploratory analysis of hyperparameter and weight leakage from LLMs in far field and demonstrate that the GPU's electromagnetic radiation leaks even 100 cm away through a glass obstacle.