GPUs from all major suppliers are vulnerable to new pixel-stealing attack

by admin
September 27, 2023
in Technology

GPUs from all six of the major suppliers are vulnerable to a newly discovered attack that allows malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites, researchers have demonstrated in a paper published Tuesday.

The cross-origin attack allows a malicious website from one domain—say, example.com—to effectively read the pixels displayed by a website from example.org, or another different domain. Attackers can then reconstruct them in a way that allows them to view the words or images displayed by the latter site. This leakage violates a critical security principle that forms one of the most fundamental security boundaries safeguarding the Internet. Known as the same origin policy, it mandates that content hosted on one website domain be isolated from all other website domains.

Optimizing bandwidth at a cost

GPU.zip, as the proof-of-concept attack has been named, starts with a malicious website that places a link to the webpage it wants to read inside an iframe, a common HTML element that allows sites to embed ads, images, or other content hosted on other websites. Normally, the same origin policy prevents either site from inspecting the source code, content, or final visual product of the other. The researchers found that the data compression that both internal and discrete GPUs use to improve performance acts as a side channel that they can abuse to bypass the restriction and steal pixels one by one.

“We found that modern GPUs automatically try to compress this visual data, without any application involvement,” Yingchen Wang, the lead author and a researcher at the University of Texas at Austin, wrote in an email. “This is done to save memory bandwidth and improve performance. Since compressibility is data dependent, this optimization creates a side channel which can be exploited by an attacker to reveal information about the visual data.”

For GPU.zip to work, a malicious page must be loaded into the Chrome or Edge browsers. Under-the-hood differences in the way Firefox and Safari work prevent the attack from succeeding when those browsers process an attack page. Another requirement is that the page linked to in the iframe must not be configured to deny being embedded by cross-origin websites.

The security threats that can result when HTML is embedded in iframes on malicious websites have been well-known for more than a decade. Most websites restrict the cross-origin embedding of pages displaying usernames, passwords, or other sensitive content through X-Frame-Options or Content-Security-Policy headers. Not all, however, do. One example is Wikipedia, which shows the usernames of people who log in to their accounts. A person who wants to remain anonymous while visiting a site they don’t trust could be outed if it contained an iframe containing a link to https://en.wikipedia.org/wiki/Main_Page.
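For site owners, the embedding restriction described above can be audited from a response's headers. The following is an added example, not code from the article or the researchers' paper: it classifies X-Frame-Options and Content-Security-Policy frame-ancestors values the way browsers evaluate them, and the sample responses and hostnames are constructed.

```python
# Added example: classify how one response's headers restrict cross-origin framing.
RANK = ["frameable", "allowlist", "same-origin-only", "blocked"]  # weakest to strictest

def parse_frame_ancestors(csp_values):
    """Return one source list per enforced CSP policy that sets frame-ancestors."""
    found = []
    for header in csp_values:
        for policy in header.split(","):        # a comma separates whole policies
            for directive in policy.split(";"):
                tokens = directive.split()
                if tokens and tokens[0].lower() == "frame-ancestors":
                    found.append([t.lower() for t in tokens[1:]])
                    break                       # later duplicates are ignored
    return found

def classify_sources(sources):
    """Classify a single frame-ancestors source list."""
    if not sources or sources == ["'none'"]:
        return "blocked"
    if any(s in ("*", "http:", "https:") or s.endswith("://*") for s in sources):
        return "frameable"                      # any site may embed the page
    if sources == ["'self'"]:
        return "same-origin-only"
    return "allowlist"

def framing_policy(headers):
    """headers: list of (name, value) pairs from one HTTP response."""
    csp = [v for k, v in headers if k.lower() == "content-security-policy"]
    xfo = [v for k, v in headers if k.lower() == "x-frame-options"]
    lists = parse_frame_ancestors(csp)
    if lists:  # frame-ancestors set: X-Frame-Options is skipped; report strictest policy
        return max((classify_sources(s) for s in lists), key=RANK.index)
    values = {t.strip().lower() for v in xfo for t in v.split(",") if t.strip()}
    if len(values) > 1 or values == {"deny"}:
        return "blocked"                        # conflicting values also block
    if values == {"sameorigin"}:
        return "same-origin-only"
    return "frameable"  # no header, ALLOW-FROM, or unknown value: no protection

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "login": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "legacy": [("X-Frame-Options", "SAMEORIGIN")],
    "obsolete": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "csp_beats_xfo": [("X-Frame-Options", "DENY"), ("Content-Security-Policy", "frame-ancestors *")],
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:16} {framing_policy(hdrs)}")
```

The last sample shows a case that is easy to miss in review: a permissive frame-ancestors directive takes precedence over a stricter X-Frame-Options header, so the page stays embeddable.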

Pixel stealing PoC for deanonymizing a user, run with other tabs open playing video. “Ground Truth” is the victim iframe (Wikipedia logged in as “Yingchenw”). “AMD” is the attack result on a Ryzen 7 4800U after 30 minutes, with 97 percent accuracy. “Intel” is the attack result for an i7-8700 after 215 minutes with 98 percent accuracy.

Wang et al.

The researchers showed how GPU.zip allows a malicious website they created for their PoC to steal pixels one by one for a user’s Wikipedia username. The attack works on GPUs provided by Apple, Intel, AMD, Qualcomm, Arm, and Nvidia. On AMD’s Ryzen 7 4800U, GPU.zip took about 30 minutes to render the targeted pixels with 97 percent accuracy. The attack required 215 minutes to reconstruct the pixels when displayed on a system running an Intel i7-8700.

All of the GPUs analyzed use proprietary forms of compression to optimize the bandwidth available in the memory data bus of the PC, phone, or other device displaying the targeted content. The compression schemes differ from manufacturer to manufacturer and are undocumented, so the researchers reverse-engineered each one. The insights yielded a method that uses SVG, the scalable vector graphics image format, to maximize differences in DRAM traffic between black and white target pixels in the presence of compression. While their paper discusses GPU.zip as it applies to iGPUs, or internal GPUs, the technique applies equally to standalone or discrete GPUs as well.

In their paper, the researchers wrote:

We demonstrate that an attacker can exploit the iGPU-based compression channel to perform cross-origin pixel stealing attacks in the browser using SVG filters (the latest version of Google Chrome as of April 2023), even though SVG filters are implemented as constant time. The reason is that the attacker can create highly redundant or highly non-redundant patterns depending on a single secret pixel in the browser. As these patterns are processed by the iGPU, their varying degrees of redundancy cause the lossless compression output to depend on the secret pixel. The data-dependent compression output directly translates to data-dependent DRAM traffic and data-dependent cache occupancy. Consequently, we show that, even under the most passive threat model—where an attacker can only observe coarse-grained redundancy information of a pattern using a coarse-grained timer in the browser and lacks the ability to adaptively select input—individual pixels can be leaked. Our proof-of-concept attack succeeds on a range of devices (including computers, phones) from a variety of hardware vendors with distinct GPU architectures (Intel, AMD, Apple, Nvidia). Surprisingly, our attack also succeeds on discrete GPUs, and we have preliminary results indicating the presence of software-transparent compression on those architectures as well.


