Since the beginning of the year we have been seeing a large number of side-channel attacks developed that could leak sensitive information, with the most prominent of these vulnerabilities being somehow related to the architectural designs of modern CPUs. It turns out CPUs are not the only piece of hardware that could be used to compromise your information as researchers at the University of California, Riverside have successfully used NVIDIA GPUs to spy on web browsing activity, compromise passwords, and attack cloud-based computational applications.
The premise to the first two attacks is to access the system's graphics API, such as OpenGL, as everything you see is being rendered by you GPU. To track someone's movements on the Internet, the memory utilization is measured, and as this is based on the number of objects and sizes of everything rendered on a webpage, it is relatively unique. It is also something consistent between cached and uncached pages. By using a machine learning based classifier, the researchers were able to fingerprint websites with high accuracy. The second attack compromises passwords by recording the time between changes to the texture within a textbox. As this texture needs to be updated as each character is entered, it is possible to learn the length of a password and the inter-keystroke timing, which is an already established means of compromising passwords. Finally the researchers developed a third attack for cloud-based neural-network applications that utilize CUDA acceleration by inserting a malicious computational workload to measure performance counter traces. From this information, the attacker could learn the structure of the victim's network, which would otherwise be secret.
As the first two attacks only need to work with a graphics API, like OpenGL, WebGL, and Vulkan, potentially any user is vulnerable as these are often pre-installed on all computers. The researchers only developed their attacks with NVIDIA GPUs, and NVIDIA has said it will issue a patch to allow disabling access to performance counters for user-level applications, but a draft of the research paper has been shared with AMD and Intel to determine their products' potential vulnerability.
Back to original news post