By Qubit
I never imagined a GPU could leak passwords.
Products from six mainstream vendors are affected: Nvidia, Intel, AMD, Qualcomm, Apple and ARM. Neither phones nor computers are spared.
And the leak does not happen while processing AI or big-data workloads, but while handling graphics tasks and rendering web pages.
The new attack method is called pixel stealing and was proposed by research teams including the University of Texas at Austin.
The research will be presented at the 45th IEEE Symposium on Security and Privacy in 2024, but the paper and code are already open source.
Data compression is to blame
The proof-of-concept attack developed by the researchers is called GPU.zip.
The method embeds the target website in an iframe on a malicious website and then reads the embedded content, such as the pixels of usernames, passwords and other sensitive data.
Normally, the browser's same-origin policy prevents this.
However, a data compression technique used by almost all modern GPUs is not subject to that restriction.
This compression is performed by both integrated and discrete graphics cards. Its main purpose is to save memory bandwidth and improve performance. It works without any involvement from the application, so it is not governed by the application's rules.
After reverse-engineering the compression algorithms of the different GPUs, the research team could then "decompress" the data.
The core idea of the attack is clever: measure the rendering time, or the cache-state changes, of a filter applied to the iframe.
If the target pixel is white, the filter output is incompressible and rendering takes longer; if it is black, the filter output is compressible and rendering takes less time.
The time difference reveals the colour of the target pixel, which completes the cross-origin read of one pixel; repeating this for every pixel reconstructs the full content of the victim page.
In the experiments, recovering the target pixels took 30 minutes on AMD's Ryzen 7 4800U with 97% accuracy.
On an Intel i7-8700 it took 215 minutes with 98.3% accuracy.
The attack is very accurate and is not disturbed by system noise; fortunately, it takes a long time.
Nvidia, Qualcomm: not our problem
For the attack to work, the browser must meet three conditions:
- Allow cookies to be loaded in cross-origin iframes
- Allow SVG filters to be rendered on iframes
- Offload rendering tasks to the GPU
Among mainstream browsers, Chrome and Edge meet all three conditions and are therefore at risk; Safari and Firefox are immune to this attack.
On that basis, both Nvidia and Qualcomm said they have no plans to issue any fixes.
A spokesperson for Nvidia said it “has evaluated the findings provided by the researchers and determined that the root cause is not in our GPUs, but rather in third-party software.”
A Qualcomm spokesperson said, “This issue is not in our threat model because it affects the browser more directly and can be resolved by the browser application if necessary, so no changes are currently planned.”
As of press time, Nvidia, Apple, AMD and ARM had not provided formal comments.
Google Chrome has not yet decided whether to patch it, but said it is in contact with the research team and actively engaged.
Website developers who want to avoid this attack need to prevent sensitive pages from being embedded by cross-origin websites.
This can be done by setting the X-Frame-Options or Content-Security-Policy HTTP response headers.
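As an added example (not code from the GPU.zip researchers or any browser vendor), the block below shows the two response headers a sensitive page should send, a minimal server that emits them, and an audit function that classifies a response's framing policy. The header names and the CSP frame-ancestors directive are real; the sample responses and the classification labels ("deny", "same-origin", "allow-list", "open") are constructed for this illustration.

```python
"""Anti-framing headers: emit them, and audit what a response actually allows.

Added example, not code from the GPU.zip paper or any vendor. The header
names are real; sample responses below are constructed for the demo.
"""
from __future__ import annotations

from http.server import BaseHTTPRequestHandler, HTTPServer


def anti_framing_headers(deny: bool = False) -> dict[str, str]:
    """Headers that stop cross-origin sites from embedding a sensitive page.

    X-Frame-Options is kept for older browsers; modern browsers honour the
    CSP frame-ancestors directive and let it override X-Frame-Options.
    """
    if deny:
        return {"X-Frame-Options": "DENY",
                "Content-Security-Policy": "frame-ancestors 'none'"}
    return {"X-Frame-Options": "SAMEORIGIN",
            "Content-Security-Policy": "frame-ancestors 'self'"}


def _frame_ancestors(csp: str) -> list[str] | None:
    """Return the lower-cased source list of frame-ancestors, or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_policy(headers: dict[str, str]) -> str:
    """Classify who may embed this response in an iframe.

    Returns one of: "deny", "same-origin", "allow-list", "open".
    """
    norm = {k.lower(): v for k, v in headers.items()}
    ancestors = _frame_ancestors(norm.get("content-security-policy", ""))
    if ancestors is not None:
        # CSP frame-ancestors wins over X-Frame-Options when both are present.
        if not ancestors or ancestors == ["'none'"]:
            return "deny"  # an empty source list matches no ancestor
        if any(a in ("*", "http:", "https:", "http://*", "https://*") for a in ancestors):
            return "open"
        if all(a == "'self'" for a in ancestors):
            return "same-origin"
        return "allow-list"
    xfo = norm.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "deny"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # ALLOW-FROM was never supported by Chrome and is ignored by current
    # browsers, so for the Chrome/Edge case it offers no protection.
    return "open"


class SensitivePageHandler(BaseHTTPRequestHandler):
    """Tiny server that serves a (constructed) sensitive page with the headers set."""

    def do_GET(self) -> None:
        body = b"<html><body>account page (constructed sample)</body></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        for name, value in anti_framing_headers().items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Audit a few constructed responses, then serve the protected page locally.
    samples = {
        "no headers": {},
        "xfo only": {"X-Frame-Options": "DENY"},
        "csp overrides xfo": {"X-Frame-Options": "DENY",
                              "Content-Security-Policy": "frame-ancestors *"},
        "partner allow-list": {"Content-Security-Policy":
                               "default-src 'self'; frame-ancestors 'self' https://partner.example"},
    }
    for label, hdrs in samples.items():
        print(f"{label:>20}: {framing_policy(hdrs)}")
    print("serving on http://127.0.0.1:8000 (Ctrl-C to stop)")
    HTTPServer(("127.0.0.1", 8000), SensitivePageHandler).serve_forever()
```

Running the script prints the classification of each constructed sample and then serves the page; fetching it with a browser's developer tools (or curl -I) shows both headers on the response. The audit function is useful for checking your own endpoints in bulk: anything that comes back "open" can be embedded by an arbitrary cross-origin page, which is the precondition the attack needs.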
So, as a user, should you worry about this attack?
The researchers' tests found that most sensitive websites already refuse to be embedded by cross-origin sites; one large site that was vulnerable was Wikipedia.
Some commenters have also proposed a more drastic solution: iframes are used less and less anyway, so why not drop them altogether?