Jump to content

GPUs are vulnerable to side-channel attacks (the same kinds of attacks as Meltdown and Spectre)

Fasterthannothing
By Fasterthannothing
in Tech News
 Share
Posted
5 hours ago, colonel_mortis said:

To be clear, the attack allows an attacker to detect when the browser has rendered a new frame, as well as some properties of it (such as the size of the repainted area). That allows the attacker to guess, for example, that you appear to be typing into a password field. They can then measure the time between each keystroke, which has been shown to reveal some information about the keys that were pressed. It doesn't actually disclose the password, but it does reveal the length and a non-zero amount of information about the content.

 

The paper can be found at http://www.cs.ucr.edu/~zhiyunq/pub/ccs18_gpu_side_channel.pdf. It's pretty readable, though it is 15 pages (the interesting parts are pages 6-11).

Yes. This is the thing about side channel attacks. They are all about math and statistics. You can then, practically, side channel anything that is "useable". As to be useable, it needs some form of quick access. Accessing quickly, means you get some form of data quickly. Then you can do timing "channel" attacks.

 

Mitigating it all is hard. And the best you can do is make it take too long. As with 256bit keys etc meaning it takes "heat death of the universe" to crack... or a 2000 bit q-bit computer. XD

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

How great, two of the main processor components can be vulnerable hardware side. Hopefully and eventually everything gets fixed on hardware level so we don't have to worry about this.

| Ryzen 7 7800X3D | AM5 B650 Aorus Elite AX | G.Skill Trident Z5 Neo RGB DDR5 32GB 6000MHz C30 | Sapphire PULSE Radeon RX 7900 XTX | Samsung 990 PRO 1TB with heatsink | Arctic Liquid Freezer II 360 | Seasonic Focus GX-850 | Lian Li Lanccool III | Mousepad: Skypad 3.0 XL / Zowie GTF-X | Mouse: Zowie S1-C | Keyboard: Ducky One 3 TKL (Cherry MX-Speed-Silver)Beyerdynamic MMX 300 (2nd Gen) | Acer XV272U | OS: Windows 11 |

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
11 minutes ago, Doobeedoo said:

How great, two of the main processor components can be vulnerable hardware side. Hopefully and eventually everything gets fixed on hardware level so we don't have to worry about this.

 

There's really no point in worrying about it anyway,  All hardware and software is exploitable in someway.  The only difference is we know about this one.

 

Someone earlier smartly likened it to the worm in the apple problem,  if you get half way through eating an apple, what's worse? discovering half a worm, a whole worm or no worm?

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
1 minute ago, mr moose said:

 

There's really no point in worrying about it anyway,  All hardware and software is exploitable in someway.  The only difference is we know about this one.

 

Someone earlier smartly likened it to the worm in the apple problem,  if you get half way through eating an apple, what's worse? discovering half a worm, a whole worm or no worm?

yup and look how this is worded here from op

 

 

A malicious app uses OpenGL to create a spy program to infer the behavior of the browser as it uses the GPU. The spy program can reliably obtain all allocation events of each website visited to see what the user has been doing on the web and possibly extract login credentials

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Tech News

×