Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Shorty88jr

GPUs are vulnerable to side-channel attacks (the same kinds of attacks as Meltdown and Spectre)

Recommended Posts

Posted · Original PosterOP
Quote

Computer scientists at the University of California at Riverside have found that GPUs are vulnerable to side-channel attacks, the same kinds of exploits that have impacted Intel and AMD CPUs

Well great another piece of computer hardware that has a major exploit good grief.

Quote

Two professors and two students, one a computer science doctoral student and a post-doctoral researcher, reverse-engineered a Nvidia GPU to demonstrate three attacks on both graphics and computational stacks, as well as across them. The researchers believe these are the first reported side-channel attacks on GPUs.

These attack's are done by user counters for the performance trackers on GPU's

Quote

In this case, it exploits the user counters in the GPU, which are used for performance tracking and are available in user mode, so anyone has access to them.

There are three different attack's

Quote

The first attack tracks user activity on the web, since GPUs are used to render graphics in browsers. A malicious app uses OpenGL to create a spy program to infer the behavior of the browser as it uses the GPU. The spy program can reliably obtain all allocation events of each website visited to see what the user has been doing on the web and possibly extract login credentials

 

In the second attack, the authors extracted user passwords because the GPU is used to render the login/password box. Monitoring the memory allocation events leaked allowed for keystroke logging.

 

The third attack is the one that hits the data center. It targets computational applications, using the same memory sniffing for grabbing passwords but this time on a neural network to learn the network’s structure. In short, malicious code could sniff out your neural network algorithms and steal them.

Unfortunately they say the current fix turning off access to the counters breaks alot of things. This sounds like some horrible stuff but it does need to be installed via a malicious program so just be careful what you install. 

 

Source:https://www.networkworld.com/article/3321036/gpus-are-vulnerable-to-side-channel-attacks.html

Link to post
Share on other sites

Let's see if the web ones can be dealt with using browser patches 


I spent $2500 on building my PC and all i do with it is play MTGA & watch anime at 720p...

Builds:

The Toaster Project! Northern Bee! The Cassette Deck!

 

The original LAN PC build log! (Old, dead and replaced by The Toaster Project & 5.0)

Spoiler

"Here is some advice that might have gotten lost somewhere along the way in your life. 

 

#1. Treat others as you would like to be treated.

#2. It's best to keep your mouth shut; and appear to be stupid, rather than open it and remove all doubt.

#3. There is nothing "wrong" with being wrong. Learning from a mistake can be more valuable than not making one in the first place.

 

Follow these simple rules in life, and I promise you, things magically get easier. " - MageTank 31-10-2016

 

 

Link to post
Share on other sites

Can i just disable browser hardware acceleration?


| Intel i7-3770@4.2Ghz | Asus Z77-V | Zotac 980 Ti Amp! Omega | DDR3 1800mhz 4GB x4 | 300GB Intel DC S3500 SSD | 512GB Plextor M5 Pro | 2x 1TB WD Blue HDD |
 | Enermax NAXN82+ 650W 80Plus Bronze | Fiio E07K | Grado SR80i | Cooler Master XB HAF EVO | Logitech G27 | Logitech G600 | CM Storm Quickfire TK | DualShock 4 |

Link to post
Share on other sites
1 hour ago, Shorty88jr said:

Well great another piece of computer hardware that has a major exploit good grief.

These attack's are done by user counters for the performance trackers on GPU's

There are three different attack's

Unfortunately they say the current fix turning off access to the counters breaks alot of things. This sounds like some horrible stuff but it does need to be installed via a malicious program so just be careful what you install. 

 

Source:https://www.networkworld.com/article/3321036/gpus-are-vulnerable-to-side-channel-attacks.html

Time to go back to the stone age.

Link to post
Share on other sites
2 hours ago, GoldenLag said:

Even if it got demonstrated on an Nvidia GPU, its smart to assume the same can be done with AMD cards.

 

Just so we dont get a:

"Apple AMD doesnt get viruses"

It actually isn't. Its smart to not assume anything and just wait for a proof of it on amd or Intel gpus.

Just like those exploits touch more Intel than amd since Intel squeezed the original idea to get as much ipc out of it, I wouldn't be surprise me to see amd and Intel gpus to be at least less impacted by those exploits for the same reason.

Link to post
Share on other sites
2 hours ago, Arika S said:

Game consoles are becoming more and more the safer option to go with 

Good luck updating BIOS on one when they do find something and there will be no means to fix it. Or people even being aware of it...

Link to post
Share on other sites
3 hours ago, Shorty88jr said:

In the second attack, the authors extracted user passwords because the GPU is used to render the login/password box. Monitoring the memory allocation events leaked allowed for keystroke logging.

To be clear, the attack allows an attacker to detect when the browser has rendered a new frame, as well as some properties of it (such as the size of the repainted area). That allows the attacker to guess, for example, that you appear to be typing into a password field. They can then measure the time between each keystroke, which has been shown to reveal some information about the keys that were pressed. It doesn't actually disclose the password, but it does reveal the length and a non-zero amount of information about the content.

 

The paper can be found at http://www.cs.ucr.edu/~zhiyunq/pub/ccs18_gpu_side_channel.pdf. It's pretty readable, though it is 15 pages (the interesting parts are pages 6-11).


I don't work for Floatplane Media, so any Floatplane comments that I make are my own and may be incorrect or in conflict with the official view.

 

For Floatplane support, please use the wizard linked in this topic

Link to post
Share on other sites
2 hours ago, Arika S said:

Game consoles are becoming more and more the safer option to go with 

They have GPUs too


sudo chmod -R 000 /*

What is scaling and how does it work? Asus PB287Q unboxing! Console alternatives :D Watch Netflix with Kodi on Arch Linux F.A.Q Beginner's Guide To LTT (by iamdarkyoshi)

Sauron'stm Product Scores:

Spoiler

Just a list of my personal scores for some products, in no particular order, with brief comments. I just got the idea to do them so they aren't many for now :)

Don't take these as complete reviews or final truths - they are just my personal impressions on products I may or may not have used, summed up in a couple of sentences and a rough score. All scores take into account the unit's price and time of release, heavily so, therefore don't expect absolute performance to be reflected here.

 

-Lenovo Thinkpad X220 - [8/10]

Spoiler

A durable and reliable machine that is relatively lightweight, has all the hardware it needs to never feel sluggish and has a great IPS matte screen. Downsides are mostly due to its age, most notably the screen resolution of 1366x768 and usb 2.0 ports.

 

-Apple Macbook (2015) - [Garbage -/10]

Spoiler

From my perspective, this product has no redeeming factors given its price and the competition. It is underpowered, overpriced, impractical due to its single port and is made redundant even by Apple's own iPad pro line.

 

-OnePlus X - [7/10]

Spoiler

A good phone for the price. It does everything I (and most people) need without being sluggish and has no particularly bad flaws. The lack of recent software updates and relatively barebones feature kit (most notably the lack of 5GHz wifi, biometric sensors and backlight for the capacitive buttons) prevent it from being exceptional.

 

-Microsoft Surface Book 2 - [Garbage - -/10]

Spoiler

Overpriced and rushed, offers nothing notable compared to the competition, doesn't come with an adequate charger despite the premium price. Worse than the Macbook for not even offering the small plus sides of having macOS. Buy a Razer Blade if you want high performance in a (relatively) light package.

 

-Intel Core i7 2600/k - [9/10]

Spoiler

Quite possibly Intel's best product launch ever. It had all the bleeding edge features of the time, it came with a very significant performance improvement over its predecessor and it had a soldered heatspreader, allowing for efficient cooling and great overclocking. Even the "locked" version could be overclocked through the multiplier within (quite reasonable) limits.

 

-Apple iPad Pro - [5/10]

Spoiler

A pretty good product, sunk by its price (plus the extra cost of the physical keyboard and the pencil). Buy it if you don't mind the Apple tax and are looking for a very light office machine with an excellent digitizer. Particularly good for rich students. Bad for cheap tinkerers like myself.

 

 

Link to post
Share on other sites
2 hours ago, Sauron said:

They have GPUs too

Yes but their operating systems are more locked down in terms of what the user can and can't do.


How to setup MSI Afterburner OSD | How to make your AMD Radeon GPU more efficient with Radeon Chill

Xiaomi Pocophone F1 6GB RAM 128GB Storage (Mid 2019 to present)

Samaritan XL (Early 2018 - present with GPU upgrades) - AMD Ryzen 7 1700X (8C/16T) , MSI X370 Gaming Pro Carbon, Corsair 16GB DDR4-3200MHz ,  Asus ROG Strix RX Vega 56 , Corsair RM850i PSU, Corsair H100i v2 CPU Cooler, Samsung 860 EVO 500GB SSD, Seagate BarraCuda 2TB HDD (2018), Seagate BarraCuda 1TB HDD (2014), NZXT S340 Elite, Corsair ML 120 Pro, Corsair ML 140 Pro

Link to post
Share on other sites
2 minutes ago, AluminiumTech said:

Yes but their operating systems are more locked down in terms of what the user can and can't do.

I wouldn't consider that a positive. A brick is very secure, but not very useful.


sudo chmod -R 000 /*

What is scaling and how does it work? Asus PB287Q unboxing! Console alternatives :D Watch Netflix with Kodi on Arch Linux F.A.Q Beginner's Guide To LTT (by iamdarkyoshi)

Sauron'stm Product Scores:

Spoiler

Just a list of my personal scores for some products, in no particular order, with brief comments. I just got the idea to do them so they aren't many for now :)

Don't take these as complete reviews or final truths - they are just my personal impressions on products I may or may not have used, summed up in a couple of sentences and a rough score. All scores take into account the unit's price and time of release, heavily so, therefore don't expect absolute performance to be reflected here.

 

-Lenovo Thinkpad X220 - [8/10]

Spoiler

A durable and reliable machine that is relatively lightweight, has all the hardware it needs to never feel sluggish and has a great IPS matte screen. Downsides are mostly due to its age, most notably the screen resolution of 1366x768 and usb 2.0 ports.

 

-Apple Macbook (2015) - [Garbage -/10]

Spoiler

From my perspective, this product has no redeeming factors given its price and the competition. It is underpowered, overpriced, impractical due to its single port and is made redundant even by Apple's own iPad pro line.

 

-OnePlus X - [7/10]

Spoiler

A good phone for the price. It does everything I (and most people) need without being sluggish and has no particularly bad flaws. The lack of recent software updates and relatively barebones feature kit (most notably the lack of 5GHz wifi, biometric sensors and backlight for the capacitive buttons) prevent it from being exceptional.

 

-Microsoft Surface Book 2 - [Garbage - -/10]

Spoiler

Overpriced and rushed, offers nothing notable compared to the competition, doesn't come with an adequate charger despite the premium price. Worse than the Macbook for not even offering the small plus sides of having macOS. Buy a Razer Blade if you want high performance in a (relatively) light package.

 

-Intel Core i7 2600/k - [9/10]

Spoiler

Quite possibly Intel's best product launch ever. It had all the bleeding edge features of the time, it came with a very significant performance improvement over its predecessor and it had a soldered heatspreader, allowing for efficient cooling and great overclocking. Even the "locked" version could be overclocked through the multiplier within (quite reasonable) limits.

 

-Apple iPad Pro - [5/10]

Spoiler

A pretty good product, sunk by its price (plus the extra cost of the physical keyboard and the pencil). Buy it if you don't mind the Apple tax and are looking for a very light office machine with an excellent digitizer. Particularly good for rich students. Bad for cheap tinkerers like myself.

 

 

Link to post
Share on other sites
5 hours ago, GoldenLag said:

Even if it got demonstrated on an Nvidia GPU, its smart to assume the same can be done with AMD cards.

 

Just so we dont get a:

"Apple AMD doesnt get viruses"

AMD doesn't get viruses tho :D.

 

They weren't affected by Meltdown and they weren't really affected with Spectre except for old obsolete stuff.


How to setup MSI Afterburner OSD | How to make your AMD Radeon GPU more efficient with Radeon Chill

Xiaomi Pocophone F1 6GB RAM 128GB Storage (Mid 2019 to present)

Samaritan XL (Early 2018 - present with GPU upgrades) - AMD Ryzen 7 1700X (8C/16T) , MSI X370 Gaming Pro Carbon, Corsair 16GB DDR4-3200MHz ,  Asus ROG Strix RX Vega 56 , Corsair RM850i PSU, Corsair H100i v2 CPU Cooler, Samsung 860 EVO 500GB SSD, Seagate BarraCuda 2TB HDD (2018), Seagate BarraCuda 1TB HDD (2014), NZXT S340 Elite, Corsair ML 120 Pro, Corsair ML 140 Pro

Link to post
Share on other sites
2 minutes ago, AluminiumTech said:

AMD doesn't get viruses tho :D.

 

They weren't affected by Meltdown and they weren't really affected with Spectre except for old obsolete stuff.

would be interesting if both AMD and Intel were safe, but i would assume they arent. 

Link to post
Share on other sites
18 minutes ago, Sauron said:

I wouldn't consider that a positive

in the case of this exploit it absolutely is, also who is browsing the internet on a console?

 

Edit; this is also 5 month old news at this point. pretty sure we would have heard more about it if it really was a big deal

Link to post
Share on other sites
30 minutes ago, Arika S said:

in the case of this exploit it absolutely is, also who is browsing the internet on a console?

Probably more people than you think. Besides, nothing's stopping a game developer from taking advantage of this - the games are closed source and I doubt Sony runs sufficiently thorough tests to catch a side channel attack in something like this.

 

It's also worth noting that accidentally downloading and installing malicious software believing it to be something else is almost exclusively a Windows problem - not something inherent to using a pc. Still, if all you do is play games from trusted stores and browse the web (which is all you can do on a console) you're unlikely to be affected.

30 minutes ago, Arika S said:

Edit; this is also 5 month old news at this point. pretty sure we would have heard more about it if it really was a big deal

There hasn't been a single reported instance of spectre being exploited in the wild, that doesn't make it any less serious.


sudo chmod -R 000 /*

What is scaling and how does it work? Asus PB287Q unboxing! Console alternatives :D Watch Netflix with Kodi on Arch Linux F.A.Q Beginner's Guide To LTT (by iamdarkyoshi)

Sauron'stm Product Scores:

Spoiler

Just a list of my personal scores for some products, in no particular order, with brief comments. I just got the idea to do them so they aren't many for now :)

Don't take these as complete reviews or final truths - they are just my personal impressions on products I may or may not have used, summed up in a couple of sentences and a rough score. All scores take into account the unit's price and time of release, heavily so, therefore don't expect absolute performance to be reflected here.

 

-Lenovo Thinkpad X220 - [8/10]

Spoiler

A durable and reliable machine that is relatively lightweight, has all the hardware it needs to never feel sluggish and has a great IPS matte screen. Downsides are mostly due to its age, most notably the screen resolution of 1366x768 and usb 2.0 ports.

 

-Apple Macbook (2015) - [Garbage -/10]

Spoiler

From my perspective, this product has no redeeming factors given its price and the competition. It is underpowered, overpriced, impractical due to its single port and is made redundant even by Apple's own iPad pro line.

 

-OnePlus X - [7/10]

Spoiler

A good phone for the price. It does everything I (and most people) need without being sluggish and has no particularly bad flaws. The lack of recent software updates and relatively barebones feature kit (most notably the lack of 5GHz wifi, biometric sensors and backlight for the capacitive buttons) prevent it from being exceptional.

 

-Microsoft Surface Book 2 - [Garbage - -/10]

Spoiler

Overpriced and rushed, offers nothing notable compared to the competition, doesn't come with an adequate charger despite the premium price. Worse than the Macbook for not even offering the small plus sides of having macOS. Buy a Razer Blade if you want high performance in a (relatively) light package.

 

-Intel Core i7 2600/k - [9/10]

Spoiler

Quite possibly Intel's best product launch ever. It had all the bleeding edge features of the time, it came with a very significant performance improvement over its predecessor and it had a soldered heatspreader, allowing for efficient cooling and great overclocking. Even the "locked" version could be overclocked through the multiplier within (quite reasonable) limits.

 

-Apple iPad Pro - [5/10]

Spoiler

A pretty good product, sunk by its price (plus the extra cost of the physical keyboard and the pencil). Buy it if you don't mind the Apple tax and are looking for a very light office machine with an excellent digitizer. Particularly good for rich students. Bad for cheap tinkerers like myself.

 

 

Link to post
Share on other sites
6 hours ago, xAcid9 said:

Can i just disable browser hardware acceleration?

I do anyway, as it always causing hitching in some games for me, with multi-monitor and some sites like Netflix open.


5820K 4.0GHz | NH D15S | 32 GB RAM | Titan V | ASUS PG348Q+MG278Q

 

Link to post
Share on other sites
6 hours ago, GoldenLag said:

Even if it got demonstrated on an Nvidia GPU, its smart to assume the same can be done with AMD cards.

 

Just so we dont get a:

"Apple AMD doesnt get viruses"

the way amd handles the tasks in the gpu is not even close to similar, so we can't say one way or another

Link to post
Share on other sites

Didn't nvidia say they were safe from meltdown?

 

Tdlr be nice right now but how is this vulnerability working 

Too Busy at work atm

Link to post
Share on other sites
5 minutes ago, cj09beira said:

the way amd handles the tasks in the gpu is not even close to similar, so we can't say one way or another

But if it is done through API we can assume those variants can be used on any GPU. 

 

I would say my default possition in these scenarios are to assume that they are applicable to some level on other hardware

Link to post
Share on other sites
15 minutes ago, cj09beira said:

the way amd handles the tasks in the gpu is not even close to similar, so we can't say one way or another

Based on my understanding of the attack from the paper, I suspect that the OpenGL->OpenGL attack still applies to AMD cards (and likely unreleased Intel discrete cards too), although they didn't test it in the paper. The attack is about detecting memory allocations performed by other threads, and using that as a side channel to fingerprint certain activities, which is not likely to be dependent on the GPU architecture. It's entirely possible that more accurate data can be obtained with one manufacturer over another because of scheduling and the like, but I think it's likely that this is a general problem with all graphics architectures.

 

This is just speculation though.


I don't work for Floatplane Media, so any Floatplane comments that I make are my own and may be incorrect or in conflict with the official view.

 

For Floatplane support, please use the wizard linked in this topic

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×