Cyber attack: Researchers stole the cached, compressed GPU graphics data values from a browser using side channel analysis, reconstructed them using machine learning (ML), and thus obtained website login data and other sensitive data. How the whole thing works sounds shockingly simple - but you can also protect yourself!
In a research paper, researchers from Austin Texas, Carnegie Mellon, Washington and Illinois Urbana-Champaign universities present a method for carrying out a side-channel attack on graphics card GPUs that can be used to obtain sensitive information from running programs. This “pixel theft” and their values – artifacts – takes place, for example, via a user’s browser.
This is how the attack works using GPU data
The attacker can measure graphics artifacts using side-channel analysis. Side channel analysis is a technique that allows an attacker to obtain information about a system without having direct access to that system. The attacker obtains the data by measuring the compression artifacts that arise when graphics data is compressed using a decoy site on the Internet. These artifacts are data dependent, meaning they depend on the data being compressed.
The attack evaluated the compressed data values and created a machine learning model that can predict the further memory access patterns of a target program with high accuracy. Once the target program's memory access patterns were available, they were used to extract sensitive information, such as: E.g. passwords, encryption keys or credit card numbers. The authors have shown that this attack works with high accuracy. They were able to steal sensitive data from a variety of applications, including web browsers, video games and cryptographic libraries.
Graphics data analyzed using SVG filters
The authors ran their attack on a variety of GPU-based applications, showing that it works with high accuracy. Their attack poses a significant threat to the security of GPU-based systems. And it worked like this:
- The attacker lures a user to a website that has been equipped with an SVG filter
- This SVG filter extracts “all” existing compressed graphics data values, including those that come from other domains.
- The attacker's GPU now compresses the graphics data on a hardware-based basis.
- Compression results in data-dependent DRAM traffic and cache usage.
- The attacker uses side channel analysis to measure DRAM traffic and GPU cache usage.
- The attacker uses machine learning to reconstruct all captured compressed graphics data values from the measured data.
- For example, the reconstructed graphic files could contain an image of a password or other sensitive data item.
This explanation is of course very simple and therefore perhaps not presented entirely correctly. The scientists Yingchen Wang, Riccardo Paccagnella, Zhao Gang, Willy R. Vasquez, David Kohlbrenner, Hovav Shacham and Christopher W. Fletcher provide a scientific analysis of all steps in a 6-page PDF white paper.
This is how you can protect yourself against these GPU attacks
To protect against this type of attack, the authors recommend the following steps for companies and organizations:
- Disable GPUs' use of hardware-based compression. This is the most effective mitigation measure as it completely prevents the attack.
- Keep the use of compressed graphics data to a minimum. This reduces the likelihood that an attacker can steal sensitive data.
- The use of side-channel attack detection and mitigation measures. These measures can help make the attack more difficult or prevent it.
The corresponding white paper “GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression” is available for download on the Internet.
Directly to the PDF on Hertzbleed.com