Blinking Robots
Now Reading
GPUs from all main suppliers are susceptible to new pixel-stealing assault
Blinking Robots
Blinking Robots
Exploring the Way forward for CSS: A Deep Dive into Revolutionary Styling Methods
Korean Air Takes Off with a Contemporary New Look (Much less Than 100 Characters)
Enhancing CSS Effectivity with Logical Shorthands
The Dying of Coding Jobs: How AI, No-Code, and Company Greed Are Killing the Trade
Reviving the Senses: Reimagining Digital Interfaces for a Extra Partaking Expertise
Revisiting CSS border-image (Unlocking Artistic Potential)
Understanding the Distinction Between :is() and :the place() Pseudo-selectors
Zeroheight Releases Its Design Techniques Report 2025
Revolutionizing Net Design: The Important Instruments for 2025 and Past
Exploring Superior Methods for Styling Counters in CSS (Much less Than 100 Characters)
Breadcrumbs Are Lifeless in Net Design (Much less Than 100 Characters)
The Loss of life of Google Search: Is the Search Engine on Its Final Legs?

GPUs from all main suppliers are susceptible to new pixel-stealing assault

by
September 26, 2023
2023-09-26 12:52:45

GPUs from all major suppliers are vulnerable to new pixel-stealing attack

GPUs from all six of the most important suppliers are susceptible to a newly found assault that permits malicious web sites to learn the usernames, passwords, and different delicate visible knowledge displayed by different web sites, researchers have demonstrated in a paper revealed Tuesday.

The cross-origin assault permits a malicious web site from one area—say, instance.com—to successfully learn the pixels displayed by an internet site from instance.org, or one other completely different area. Attackers can then reconstruct them in a approach that permits them to view the phrases or photographs displayed by the latter web site. This leakage violates a vital safety precept that varieties one of the crucial elementary safety boundaries safeguarding the Web. Referred to as the same origin policy, it mandates that content material hosted on one web site area be remoted from all different web site domains.

Optimizing bandwidth at a value

GPU.zip, because the proof-of-concept assault has been named, begins with a malicious web site that locations a hyperlink to the webpage it needs to learn within an iframe, a typical HTML component that permits websites to embed advertisements, photographs, or different content material hosted on different web sites. Usually, the identical origin coverage prevents both web site from inspecting the supply code, content material, or remaining visible product of the opposite. The researchers discovered that knowledge compression that each inside and discrete GPUs use to enhance efficiency acts as a side channel that they will abuse to bypass the restriction and steal pixels one after the other.

“We discovered that fashionable GPUs mechanically attempt to compress this visible knowledge, with none software involvement,” Yingchen Wang, the lead writer and a researcher on the College of Texas at Austin, wrote in an e-mail. “That is finished to save lots of reminiscence bandwidth and enhance efficiency. Since compressibility is knowledge dependent, this optimization creates a facet channel which could be exploited by an attacker to disclose details about the visible knowledge.”

For GPU.zip to work, a malicious web page should be loaded into the Chrome or Edge browsers. Underneath-the-hood variations in the way in which Firefox and Safari work forestall the assault from succeeding when these browsers course of an assault web page. One other requirement is that the web page linked to within the iframe should not be configured to disclaim being embedded by cross-origin web sites.

The safety threats that may consequence when HTML is embedded in iframes on malicious web sites have been well-known for greater than a decade. Most web sites restrict the cross-origin embedding of pages displaying person names, passwords, or different delicate content material by means of X-Body-Choices or Content material-Safety-Coverage headers. Not all, nevertheless, do. One instance is Wikipedia, which reveals the usernames of people that log in to their accounts. An individual who needs to stay nameless whereas visiting a web site they don’t belief might be outed if it contained an iframe containing a hyperlink to https://en.wikipedia.org/wiki/Main_Page.

Pixel stealing PoC for deanonymizing a user, run with other tabs open playing video. “Ground Truth” is the victim iframe (Wikipedia logged in as “Yingchenw”). “AMD” is the attack result on a Ryzen 7 4800U after 30 minutes, with 97 percent accuracy. “Intel” is the attack result for an i7-8700 after 215 minutes with 98 percent accuracy.
Enlarge / Pixel stealing PoC for deanonymizing a person, run with different tabs open taking part in video. “Floor Reality” is the sufferer iframe (Wikipedia logged in as “Yingchenw”). “AMD” is the assault consequence on a Ryzen 7 4800U after half-hour, with 97 p.c accuracy. “Intel” is the assault consequence for an i7-8700 after 215 minutes with 98 p.c accuracy.

Wang et al.

The researchers confirmed how GPU.zip permits a malicious web site they created for his or her PoC to steal pixels one after the other for a person’s Wikipedia username. The assault works on GPUs supplied by Apple, Intel, AMD, Qualcomm, Arm, and Nvidia. On AMD’s Ryzen 7 4800U, GPU.zip took about half-hour to render the focused pixels with 97 p.c accuracy. The assault required 215 minutes to reconstruct the pixels when displayed on a system working an Intel i7-8700.

The entire GPUs analyzed use proprietary types of compression to optimize the bandwidth accessible within the reminiscence knowledge bus of the PC, cellphone, or different machine displaying the focused content material. The compression schemes differ from producer to producer and are undocumented, so the researchers reverse-engineered every one. The insights yielded a technique that makes use of the SVG, or the scalable vector graphics picture format, to maximise variations in DRAM visitors between black and white goal pixels within the presence of compression. Whereas their paper discusses GPU.zip because it applies to iGPUs, or inside GPUs, the method applies equally to standalone or discrete GPUs as properly.

Of their paper, the researchers wrote:

We display that an attacker can exploit the iGPU-based compression channel to carry out cross-origin pixel stealing assaults within the browser utilizing SVG filters (the most recent model of Google Chrome as of April 2023), although SVG filters are carried out at fixed time. The reason being that the attacker can create extremely redundant or extremely non-redundant patterns relying on a single secret pixel within the browser. As these patterns are processed by the iGPU, their various levels of redundancy trigger the lossless compression output to rely on the key pixel. The info-dependent compression output immediately interprets to data-dependent DRAM visitors and data-dependent cache occupancy. Consequently, we present that, even below essentially the most passive menace mannequin—the place an attacker can solely observe coarse-grained redundancy info of a sample utilizing a coarse-grained timer within the browser and lacks the flexibility to adaptively choose enter—particular person pixels could be leaked. Our proof-of-concept assault succeeds on a variety of units (together with computer systems, telephones) from a wide range of {hardware} distributors with distinct GPU architectures (Intel, AMD, Apple, Nvidia). Surprisingly, our assault additionally succeeds on discrete GPUs, and we’ve preliminary outcomes indicating the presence of software-transparent compression on these architectures as properly.

Source Link

What's Your Reaction?
Excited
0
Happy
0
In Love
0
Not Sure
0
Silly
0
View Comments (0)

Leave a Reply

Your email address will not be published.

Blinking Robots

2022 Blinking Robots.
WordPress by Doejo

Scroll To Top