Comment on GPUs from all major suppliers are vulnerable to new pixel-stealing attack
atzanteol@sh.itjust.works 1 year ago
Isn’t this a browser vulnerability rather than a GPU one?
It’s a timing vulnerability, based on how long it takes the GPU to render the page , I think, although it’s also browser specific.
But seems low risk… at a minimum of 30 minutes to grab a username, you’d have to be sat on the same page for a while and not notice your fans ramping up…
Also, passwords seems a stretch. No (sane) site displays passwords.
Many sites have had to enable reveal passwords for people with complicated passwords not using password managers.
It's low risk, but their numbers are also coming from fairly dated hardware and is just proof of concept. It can almost certainly be speed up significantly.
I built my pc to be silent. Case and fans. I would never year the Rams ramping up. But I also use FF shrug
What about the reveal password icon people use for complicated passwords?
The problem is that so many browsers leverage hardware acceleration and offer access to the GPUs. So while browsers could fix the issue, the underlying cause is the way GPUs handle data that the attack is leveraging.
As these patterns are processed by the iGPU, their varying degrees of redundancy cause the lossless compression output to depend on the secret pixel. The data-dependent compression output directly translates to data-dependent DRAM traffic and data-dependent cache occupancy. Consequently, we show that, even under the most passive threat model—where an attacker can only observe coarse-grained redundancy information of a pattern using a coarse-grained timer in the browser and lacks the ability to adaptively select input—individual pixels can be leaked. Our proof-of-concept attack succeeds on a range of devices (including computers, phones) from a variety of hardware vendors with distinct GPU architectures (Intel, AMD, Apple, Nvidia). Surprisingly, our attack also succeeds on discrete GPUs, and we have preliminary results indicating the presence of software-transparent compression on those architectures as well.
It sounds distantly similar to some of the canvas issues where the acceleration creates different artifacts which makes it possible to identify GPUs and fingerprint the browsers.
Dadifer@lemmy.world 1 year ago
The article is saying that the gpus use a compression that is software independent and bypasses the restrictions on iFrame cross-website loading.
Sylvartas@lemmy.world 1 year ago
Common Firefox W
RizzRustbolt@lemmy.world 1 year ago
Pale Moon actually already protected against this stuff. Because the team are all crazy paranoid.
EyesEyesBaby@lemmy.world 1 year ago
In other words, this only affects Chromium based browsers.
4am@lemm.ee 1 year ago
Incredible how even Ars will dance around Google when they fuck something up.