Researchers from 4 American universities have developed a brand new GPU side-channel assault that leverages knowledge compression to leak delicate visible knowledge from fashionable graphics playing cards when visiting internet pages.
The researchers have demonstrated the effectiveness of this ‘GPU.zip’ assault by performing cross-origin SVG filter pixel-stealing assaults by means of the Chrome browser.
The researchers disclosed the vulnerability to impacted video card producers in March 2023. Nonetheless, as of September 2023, no affected GPU distributors (AMD, Apple, Arm, NVIDIA, Qualcomm) or Google (Chrome) have rolled out patches to handle the issue.
The brand new flaw is printed in a paper from researchers on the College of Texas at Austin, Carnegie Mellon College, College of Washington, and College of Illinois Urbana-Champaign and can seem within the forty fifth IEEE Symposium on Safety and Privateness.
Leaking by means of compression
Typically, knowledge compression creates distinct data-dependent DRAM visitors and cache utilization, which will be abused for leaking secrets and techniques, so software program turns off compression when dealing with delicate knowledge.
The GPU.zip researchers clarify that every one fashionable graphic processor items, particularly built-in Intel and AMD chips, carry out software-visible knowledge compression even when not explicitly requested.
Trendy GPUs observe this dangerous observe as an optimization technique, because it helps save on reminiscence bandwidth and enhance efficiency with out software program.
This compression is usually undocumented and vendor-specific, and the researchers have discovered a technique to exploit it to leak visible knowledge from GPUs.
Particularly, they demonstrated an assault that extracts particular person pixel knowledge by means of an online browser on varied gadgets and GPU architectures, as proven beneath.
The proof-of-concept assault demonstrates stealing the username from a Wikipedia iframe, which is feasible inside half-hour on Ryzen and 215 minutes on Intel GPUs, at accuracies of 97% and 98.3%, respectively.
The iframe hosts a cross-origin webpage whose pixels are remoted and become binary, that means they’re transformed into two doable colours.
Subsequent, these pixels are enlarged, and a specialised SVG filter stack is utilized to create textures which can be both compressible or not. By measuring the time taken for the feel to render, the researchers can deduce the unique shade/state of the goal pixel.
Now we have just lately seen the appliance of SVG filters to induce data-dependent execution and the usage of JavaScript to measure computation time and frequency to discern the pixel’s shade on the “Sizzling Pixels” assault.
Whereas Sizzling Pixels exploits data-dependent computation instances on fashionable processors, GPU.zip hinges on undocumented GPU knowledge compression to realize comparable outcomes.
GPU.zip severity
GPU.zip impacts nearly all main GPU producers, together with AMD, Apple, Arm, Intel, Qualcomm, and NVIDIA, however not all playing cards are equally affected.
The truth that not one of the impacted distributors have determined to repair the problem by optimizing their knowledge compression strategy and limiting its operation to non-sensitive instances additional raises the danger.
Though GPU.zip probably impacts the overwhelming majority of laptops, smartphones, tablets, and desktop PCs worldwide, the rapid influence on customers is moderated by the complexity and time required to carry out the assault.
Additionally, web sites that deny cross-origin iframe embedding can’t be used for leaking person knowledge by means of this or comparable side-channel assaults.
“Most delicate web sites already deny being embedded by cross-origin web sites. Because of this, they don’t seem to be weak to the pixel stealing assault we mounted utilizing GPU.zip,” explains the researchers in a FAQ on the staff’s web site.
Lastly, the researchers observe that Firefox and Safari don’t meet all the factors wanted for GPU.zip to work, reminiscent of permitting cross-origin iframes to be loaded with cookies, rendering SVG filters on iframes, and delegating rendering duties to the GPU.
Replace 9/28 – An Intel spokesperson has despatched BleepingComputer the next remark relating to the GPU.zip danger and its influence on the agency’s merchandise:
Whereas Intel hasn’t had entry to the researcher’s full paper, we assessed the researcher findings that had been supplied and decided the foundation trigger isn’t in our GPUs however in third celebration software program.
