Not my pixels!
GPUs from all major suppliers are vulnerable to new pixel-stealing attack
Submitted 1 year ago by throws_lemy@lemmy.nz to technology@lemmy.world
Comments
Wahots@pawb.social 1 year ago
For GPU.zip to work, a malicious page must be loaded into the Chrome or Edge browsers. Under-the-hood differences in the way Firefox and Safari work prevent the attack from succeeding when those browsers process an attack page.
Lol, amazing.
johnyrocket@feddit.ch 1 year ago
Firefox ftw!!!
30mag@lemmy.world 1 year ago
Pixel stealing PoC for deanonymizing a user, run with other tabs open playing video. “Ground Truth” is the victim iframe (Wikipedia logged in as “Yingchenw”). “AMD” is the attack result on a Ryzen 7 4800U after 30 minutes, with 97 percent accuracy. “Intel” is the attack result for an i7-8700 after 215 minutes with 98 percent accuracy.
I guess I should take a course on threat analysis, because I don’t have a clue how to determine how dangerous this is.
originalucifer@moist.catsweat.com 1 year ago
the pixel is the just the base unit.. expand the exploit and you get 'images'. any image on the remote site... and from there you could target sites that use imaging for password/username stuff (as a method of preventing text-based exploits).
the one pixel leads to lots of nonsense
its a teeny tiny hole, but thats all you need
FunderPants@lemmy.ca 1 year ago
That and apparently a lot of time. Am I right in reading it could take hours to leak enough pixels to form an image? So to get a password the password would need to be plain text and not be moved, removed or otherwise changed for hours.
30mag@lemmy.world 1 year ago
yeah, but if it takes 215 minutes to get just a single word… I mean, I’m not going to have a webpage open for that long.
autotldr@lemmings.world [bot] 1 year ago
This is the best summary I could come up with:
The researchers found that data compression that both internal and discrete GPUs use to improve performance acts as a side channel that they can abuse to bypass the restriction and steal pixels one by one.
“We found that modern GPUs automatically try to compress this visual data, without any application involvement,” Yingchen Wang, the lead author and a researcher at the University of Texas at Austin, wrote in an email.
Most websites restrict the cross-origin embedding of pages displaying user names, passwords, or other sensitive content through X-Frame-Options or Content-Security-Policy headers.
All of the GPUs analyzed use proprietary forms of compression to optimize the bandwidth available in the memory data bus of the PC, phone, or other device displaying the targeted content.
The insights yielded a method that uses the SVG, or the scalable vector graphics image format, to maximize differences in DRAM traffic between black and white target pixels in the presence of compression.
Our proof-of-concept attack succeeds on a range of devices (including computers, phones) from a variety of hardware vendors with distinct GPU architectures (Intel, AMD, Apple, Nvidia).
The original article contains 832 words, the summary contains 181 words. Saved 78%. I’m a bot and I’m open source!
Psythik@lemm.ee 1 year ago
GPUs from all six of the major suppliers
Wait, what? Six? There’s AMD, Nvidia, and Intel. Who are the other three? Are they counting mobile chips made by Apple, Qualcomm, and Samsung as GPUs?
Schmeckinger@feddit.de 1 year ago
On top of my head there is AMD, Nvidia, Intel, ARM, Broadcom, maybe Apple.
some_guy@lemmy.sdf.org 1 year ago
The attack works on GPUs provided by Apple, Intel, AMD, Qualcomm, Arm, and Nvidia.
Even new(ish) GPUs from Apple. Sounds like a flaw in the product category, not just certain implementations.
originalucifer@moist.catsweat.com 1 year ago
on Chromium they should state. its a combo of GPU and the app failing to isolate cross-domain data.. leaking it.
Firefox is not vulnerable.. just chrome/edge, etc.
gaael@lemmy.world 1 year ago
Too bad this is not included in the title (or subtitle) !
ares35@kbin.social 1 year ago
chromium is used in a lot of things.
themoonisacheese@sh.itjust.works 1 year ago
Yes, but while electron apps are technically vulnerable, they tighly control what sites you visit and they do not hold session cookies for non-public info to be stolen.
webghost0101@sopuli.xyz 1 year ago
Including steam
dust_accelerator@discuss.tchncs.de 1 year ago
While true, that’s not the message here. While chromium is in a lot of things, browsers for everyday use (like banking etc.) is a huge part. You can’t control what services you rely on use as a basis for their software, but you can absolutely not use the software and/or opt for the website instead.
If you can reduce your exposure to that vulnerability by a large fraction by simply switching browsers with equivalent experience, it should absolutely be mentioned. In fact, it could even be seen as an obligation/core purpose of news outlets.