[ad_1]
A novel side-channel assault referred to as GPU.zip renders nearly all fashionable graphics processing items (GPU) susceptible to info leakage.
“This channel exploits an optimization that’s information dependent, software program clear, and current in almost all fashionable GPUs: graphical information compression,” a bunch of teachers from the College of Texas at Austin, Carnegie Mellon College, College of Washington, and the College of Illinois Urbana-Champaign mentioned.
Graphical information compression is a characteristic in built-in GPUs (iGPUs) that permits for saving reminiscence bandwidth and bettering efficiency when rendering frames, compressing visible information losslessly even when it isn’t requested by software program.
The research discovered that the compression, which occurs in varied vendor-specific and undocumented methods, induces data-dependent DRAM visitors and cache occupancy that may be measured utilizing a side-channel.
“An attacker can exploit the iGPU-based compression channel to carry out cross-origin pixel stealing assaults within the browser utilizing SVG filters, despite the fact that SVG filters are applied as fixed time,” the researchers mentioned.
“The reason being that the attacker can create extremely redundant or extremely non-redundant patterns relying on a single secret pixel within the browser. As these patterns are processed by the iGPU, their various levels of redundancy trigger the lossless compression output to rely upon the key pixel.”
Profitable exploitation may enable a malicious internet web page to deduce the values of particular person pixels from one other internet web page embedded in an iframe aspect within the newest model of Google Chrome, successfully circumventing important safety boundaries reminiscent of same-origin coverage (SOP).
Chrome and Microsoft Edge are significantly susceptible to the assault as a result of they permit cross-origin iframes to be loaded with cookies, allow rendering SVG filters on iframes, and delegate rendering duties to the GPU. Nevertheless, Mozilla Firefox and Apple Safari will not be impacted.
In different phrases, the GPU graphical information compression leakage channel can be utilized to steal pixels from a cross-origin iframe by “both measuring the rendering time distinction as a result of reminiscence bus competition or through the use of the LLC stroll time metric to deduce the GPU-induced CPU cache state modifications.”
A proof-of-concept (PoC) devised by the researchers found that it is attainable for a menace actor may trick a possible goal into visiting a rogue web site and be taught details about a logged-in person’s Wikipedia username.
Struggle AI with AI — Battling Cyber Threats with Subsequent-Gen AI Instruments
Able to deal with new AI-driven cybersecurity challenges? Be part of our insightful webinar with Zscaler to handle the rising menace of generative AI in cybersecurity.
This, in flip, is rooted in the truth that some internet requirements enable for the framing web page to use visible results (i.e., SVG filters) to the iframed web page, thereby exposing the mechanism to side-channel assaults by, say, computing the time variations between rendering black and white pixels after which distinguish between them utilizing the timing info.
Affected GPUs embrace these from AMD, Apple, Arm, Intel, Nvidia, and Qualcomm. That mentioned, web sites that already deny being embedded by cross-origin web sites by way of X-Body-Choices and Content material Safety Coverage (CSP) guidelines will not be vulnerable to the pixel-stealing assault.
The findings come on the again of a associated side-channel assault referred to as Sizzling Pixels that leverages the same method to conduct “browser-based pixel stealing and historical past sniffing assaults” towards Chrome and Safari internet browsers.
[ad_2]