Researchers Uncover New GPU Aspect-Channel Vulnerability Leaking Delicate Information

Sep 27, 2023THNVulnerability / Endpoint Safety

A novel side-channel assault known as renders just about all fashionable graphics processing models (GPU) weak to info leakage.

“This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression,” a bunch of lecturers from the College of Texas at Austin, Carnegie Mellon College, College of Washington, and the College of Illinois Urbana-Champaign said.

Graphical data compression is a function in built-in GPUs (iGPUs) that enables for saving reminiscence bandwidth and bettering efficiency when rendering frames, compressing visible knowledge losslessly even when it isn’t requested by software program.

The research discovered that the compression, which occurs in varied vendor-specific and undocumented methods, induces data-dependent DRAM site visitors and cache occupancy that may be measured utilizing a side-channel.

“An attacker can exploit the iGPU-based compression channel to perform cross-origin pixel stealing attacks in the browser using SVG filters, even though SVG filters are implemented as constant time,” the researchers stated.


“The reason is that the attacker can create highly redundant or highly non-redundant patterns depending on a single secret pixel in the browser. As these patterns are processed by the iGPU, their varying degrees of redundancy cause the lossless compression output to depend on the secret pixel.”

Profitable exploitation might permit a malicious net web page to deduce the values of particular person pixels from one other net web page embedded in an iframe aspect within the newest model of Google Chrome, successfully circumventing important safety boundaries reminiscent of same-origin coverage (SOP).

Chrome and Microsoft Edge are notably weak to the assault as a result of they permit cross-origin iframes to be loaded with cookies, allow rendering SVG filters on iframes, and delegate rendering duties to the GPU. Nonetheless, Mozilla Firefox and Apple Safari are usually not impacted.

In different phrases, the GPU graphical knowledge compression leakage channel can be utilized to steal pixels from a cross-origin iframe by “both measuring the rendering time distinction as a result of reminiscence bus rivalry or through the use of the LLC stroll time metric to deduce the GPU-induced CPU cache state modifications.”

A proof-of-concept (PoC) devised by the researchers found that it is potential for a menace actor might trick a possible goal into visiting a rogue web site and be taught details about a logged-in person’s Wikipedia username.


Fight AI with AI — Battling Cyber Threats with Next-Gen AI Tools

Able to deal with new AI-driven cybersecurity challenges? Be a part of our insightful webinar with Zscaler to deal with the rising menace of generative AI in cybersecurity.

Supercharge Your Skills

This, in flip, is rooted in the truth that some net requirements permit for the framing web page to use visible results (i.e., SVG filters) to the iframed web page, thereby exposing the mechanism to side-channel assaults by, say, computing the time variations between rendering black and white pixels after which distinguish between them utilizing the timing info.

Affected GPUs embrace these from AMD, Apple, Arm, Intel, Nvidia, and Qualcomm. That stated, web sites that already deny being embedded by cross-origin web sites by way of X-Frame-Options and Content material Safety Coverage (CSP) guidelines are usually not inclined to the pixel-stealing assault.

The findings come on the again of a associated side-channel assault known as Hot Pixels that leverages an identical strategy to conduct “browser-based pixel stealing and history sniffing attacks” in opposition to Chrome and Safari net browsers.

Discovered this text fascinating? Comply with us on Twitter and LinkedIn to learn extra unique content material we put up.

Author: (The Hacker Information)
Date: 2023-09-27 08:55:00

Source link



Related articles

Alina A, Toronto
Alina A, Toronto
Alina A, an UofT graduate & Google Certified Cyber Security analyst, currently based in Toronto, Canada. She is passionate for Research and to write about Cyber-security related issues, trends and concerns in an emerging digital world.


Please enter your comment!
Please enter your name here