GPU.zip attack to recreate GPU rendered data

A team of researchers from several US universities has developed a new side-channel attack technique, called GPU.zip, that allows them to recreate visual information processed by the GPU. Using the method, an attacker can determine what is displayed on the screen. Among other things, the attack can be carried out through a web browser: the researchers demonstrated how a malicious web page opened in Chrome can obtain the pixels rendered for another web page opened in the same browser.

The source of the information leak is an optimization used in modern GPUs that compresses graphics data. The problem was reproduced with compression enabled on all integrated GPUs tested (AMD, Apple, ARM, Intel, Qualcomm) and on NVIDIA discrete graphics cards. The researchers also found that integrated Intel and AMD GPUs always enable graphics data compression, even when the application does not request it. Because the compression ratio depends on the content, DRAM traffic and cache load correlate with the data being processed, and the data can then be reconstructed pixel by pixel through side-channel analysis.

The method is quite slow. For example, on a system with an integrated AMD Ryzen 7 4800U GPU, an attack to determine the user name under which the user was logged into Wikipedia in another tab took 30 minutes and recovered the pixel contents with 97% accuracy. On a system with an integrated Intel i7-8700 GPU, the same attack took 215 minutes with an accuracy of 98%.

When the attack is carried out through a browser, the target site is loaded in an iframe so that the browser renders it. To determine what is displayed, the iframe output is reduced to a black-and-white representation, and an SVG filter is applied that sequentially overlays masks which either introduce or do not introduce much redundancy for the compression step. By measuring how the rendering time changes compared with reference samples, the attacker can tell whether a given position holds a dark or a light pixel. The full image is reconstructed by inspecting it pixel by pixel with similar masks.


GPU and browser manufacturers were notified of the problem in March, but no vendor has yet produced a fix: the attack is of doubtful practicality outside ideal conditions, and the problem is considered mostly of theoretical interest. Google has not yet decided whether to block the attack at the Chrome browser level. Chrome is vulnerable because it allows loading an iframe from another site without stripping cookies, allows SVG filters to be applied to the iframe, and delegates rendering to the GPU. Firefox and Safari are not affected because they do not meet all of these criteria. The attack also does not apply to sites that prohibit embedding in iframes on other sites (for example, by setting the X-Frame-Options HTTP header to “SAMEORIGIN” or “DENY”, or by restricting framing through the Content-Security-Policy header).

Source: opennet.ru
