SilentDrift: Exploiting Action Chunking for Stealthy Backdoor Attacks on Vision-Language-Action Models
Bingxin Xu, Yuzhang Shang, Binghui Wang, Emilio Ferrara
TL;DR
SilentDrift reveals a vulnerability in vision-language-action models used in robotics, enabling stealthy backdoor attacks through action chunking and delta pose representations, with high success rates and minimal poisoning.
Contribution
The paper introduces SILENTDRIFT, a novel black-box backdoor attack exploiting intra-chunk visual open-loop vulnerabilities in VLA models, using smooth perturbations and keyframe poisoning.
Findings
Achieves 93.2% attack success rate
Maintains 95.3% clean task success rate
Poisoning rate under 2%
Abstract
Vision-Language-Action (VLA) models are increasingly deployed in safety-critical robotic applications, yet their security vulnerabilities remain underexplored. We identify a fundamental security flaw in modern VLA systems: the combination of action chunking and delta pose representations creates an intra-chunk visual open-loop. This mechanism forces the robot to execute K-step action sequences, allowing per-step perturbations to accumulate through integration. We propose SILENTDRIFT, a stealthy black-box backdoor attack exploiting this vulnerability. Our method employs the Smootherstep function to construct perturbations with guaranteed C2 continuity, ensuring zero velocity and acceleration at trajectory boundaries to satisfy strict kinematic consistency constraints. Furthermore, our keyframe attack strategy selectively poisons only the critical approach phase, maximizing impact while…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Robot Manipulation and Learning · Social Robot Interaction and HRI