A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPUs) vulnerable to information leakage.
“This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression,” a group of academics from the University of Texas at Austin, Carnegie Mellon University, University of Washington, and the University of Illinois Urbana-Champaign said.
Graphical data compression is a feature in integrated GPUs (iGPUs) that saves memory bandwidth and improves performance when rendering frames, compressing visual data losslessly even when software does not request it.
The study found that the compression, which happens in various vendor-specific and undocumented ways, induces data-dependent DRAM traffic and cache occupancy that can be measured using a side channel.
“An attacker can exploit the iGPU-based compression channel to perform cross-origin pixel stealing attacks in the browser using SVG filters, even though SVG filters are implemented as constant time,” the researchers said.
“The reason is that the attacker can create highly redundant or highly non-redundant patterns depending on a single secret pixel in the browser. As these patterns are processed by the iGPU, their varying degrees of redundancy cause the lossless compression output to depend on the secret pixel.”
Successful exploitation could allow a malicious web page to infer the values of individual pixels from another web page embedded in an iframe element in the latest version of Google Chrome, effectively circumventing critical security boundaries such as the same-origin policy (SOP).
Chrome and Microsoft Edge are particularly vulnerable to the attack because they allow cross-origin iframes to be loaded with cookies, permit rendering SVG filters on iframes, and delegate rendering tasks to the GPU. However, Mozilla Firefox and Apple Safari are not impacted.
In other words, the GPU graphical data compression leakage channel can be used to steal pixels from a cross-origin iframe by “either measuring the rendering time difference due to memory bus contention or by using the LLC walk time metric to infer the GPU-induced CPU cache state changes.”
A proof-of-concept (PoC) devised by the researchers found that a threat actor could trick a potential target into visiting a rogue website and learn information about a logged-in user’s Wikipedia username.
This, in turn, is rooted in the fact that some web standards allow the framing page to apply visual effects (i.e., SVG filters) to the iframed page, thereby exposing the mechanism to side-channel attacks by, say, computing the time differences between rendering black and white pixels and then distinguishing between them using the timing information.
Affected GPUs include those from AMD, Apple, Arm, Intel, Nvidia, and Qualcomm. That said, websites that already deny being embedded by cross-origin websites through X-Frame-Options and Content Security Policy (CSP) rules are not susceptible to the pixel-stealing attack.
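For site owners checking that mitigation, here is an added example (not from the article or the researchers) that decides from a response's headers whether cross-origin framing is refused, covering the precedence of CSP `frame-ancestors` over X-Frame-Options and the ignored `ALLOW-FROM` value. The function names and the input shape (lower-cased header name mapped to an array of values) are assumptions made for this example.

```javascript
// Added example: does this response refuse cross-origin framing?
// Assumed input shape: { "lower-cased-header-name": ["value", ...] }.

// Return the frame-ancestors source list of one CSP policy, or null if absent.
function frameAncestors(policy) {
  for (const directive of policy.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null;
}

function blocksCrossOriginFraming(headers) {
  // Content-Security-Policy-Report-Only is never enforced, so it is not read.
  const lists = (headers["content-security-policy"] || [])
    .flatMap((value) => value.split(",")) // a comma joins separate policies
    .map(frameAncestors)
    .filter((list) => list !== null);

  if (lists.length > 0) {
    // An enforced frame-ancestors makes browsers skip X-Frame-Options.
    // Every policy must allow the embedder, so one strict list blocks it.
    // An empty list acts like 'none'; 'none' beside other sources is ignored.
    return lists.some((list) =>
      list.every((s) => s === "'none'" || s === "'self'"));
  }

  // X-Frame-Options fallback: values are compared as a case-insensitive set.
  const xfo = new Set((headers["x-frame-options"] || [])
    .flatMap((value) => value.split(","))
    .map((v) => v.trim().toLowerCase())
    .filter((v) => v !== ""));
  const known = ["deny", "sameorigin", "allowall"].some((v) => xfo.has(v));
  if (xfo.size > 1) return known; // conflicting values fail closed
  // ALLOW-FROM and unknown tokens are ignored by current browsers.
  return xfo.has("deny") || xfo.has("sameorigin");
}

// Constructed sample: a login page that sends both headers.
const sample = {
  "content-security-policy": ["default-src 'self'; frame-ancestors 'self'"],
  "x-frame-options": ["SAMEORIGIN"],
};
console.log(blocksCrossOriginFraming(sample));
```

A `false` result for a page that renders per-user content behind cookies means the page can still be embedded by another origin, which is the precondition the attack relies on.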
The findings come on the back of a related side-channel attack called Hot Pixels that leverages a similar approach to conduct “browser-based pixel stealing and history sniffing attacks” against Chrome and Safari web browsers.
Some parts of this article are sourced from:
thehackernews.com