Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Athan Immortal

Researchers at the University of California publish Side Channel attacks on Nvidia GPUs

Recommended Posts

Posted · Original PosterOP

Original article from UCR website

Research paper: Rendered Insecure: GPU Side Channel Attacks are Practical
Toms Hardware article about the vulnerability.

 

From the University of California, Riverside article:

 

Quote

Computer scientists at the University of California, Riverside have revealed for the first time how easily attackers can use a computer’s graphics processing unit, or GPU, to spy on web activity, steal passwords, and break into cloud-based applications.

Quote

All three attacks require the victim to first acquire a malicious program embedded in a downloaded app. The program is designed to spy on the victim’s computer.

Quote

The first attack tracks user activity on the web. When the victim opens the malicious app, it uses OpenGL to create a spy to infer the behavior of the browser as it uses the GPU.

Quote

In the second attack, the authors extracted user passwords. Each time the user types a character, the whole password textbox is uploaded to GPU as a texture to be rendered. Monitoring the interval time of consecutive memory allocation events leaked the number of password characters and inter-keystroke timing, well-established techniques for learning passwords.

Quote

The third attack targets a computational application in the cloud. The attacker launches a malicious computational workload on the GPU which operates alongside the victim’s application. Depending on neural network parameters, the intensity and pattern of contention on the cache, memory and functional units differ over time, creating measurable leakage. The attacker uses machine learning-based classification on performance counter traces to extract the victim’s secret neural network structure, such as number of neurons in a specific layer of a deep neural network.

Quote

The researchers reported their findings to Nvidia, who responded that they intend to publish a patch that offers system administrators the option to disable access to performance counters from user-level processes. They also shared a draft of the paper with the AMD and Intel security teams to enable them to evaluate their GPUs with respect to such vulnerabilities.

 

So as of this time, the vulnerability is only known in Nvidia GPUs, however AMD and Intel have been notified to check.

 

Nvidia will be releasing a patch, I just hope it doesn't require mitigation like the Spectre and Meltdown vulnerabilities did, however it seems a more straight forward fix.

 

 


Athan is pronounced like Nathan without the N. <3

Link to post
Share on other sites

well unless you catch something from an infected download, you should be fine from this. cant be run just straight from the browser so thats at least something


I spent $2500 on building my PC and all i do with it is play MTGA & watch anime at 720p...

Builds:

The Toaster Project! Northern Bee! The Cassette Deck!

 

The original LAN PC build log! (Old, dead and replaced by The Toaster Project & 5.0)

Spoiler

"Here is some advice that might have gotten lost somewhere along the way in your life. 

 

#1. Treat others as you would like to be treated.

#2. It's best to keep your mouth shut; and appear to be stupid, rather than open it and remove all doubt.

#3. There is nothing "wrong" with being wrong. Learning from a mistake can be more valuable than not making one in the first place.

 

Follow these simple rules in life, and I promise you, things magically get easier. " - MageTank 31-10-2016

 

 

Link to post
Share on other sites

TL;DR. Dont download stuff from sketchy sites and you're fine.


"Put as much effort into your question as you'd expect someone to give in an answer"- @Princess Luna

Make sure to Quote posts or tag the person with @[username] so they know you responded to them!

Purple Build Post ---  Blue Build Post --- Blue Build Post 2018 --- Project ITNOS --- P600S VS Define R6/S2

CPU i7-4790k    Motherboard Gigabyte Z97N-WIFI   RAM G.Skill Sniper DDR3 1866mhz    GPU EVGA GTX1080Ti FTW3    Case Corsair 380T   

Storage 1x Samsung EVO 250GB, WD Black 3TB, WD Black 5TB    PSU Corsair CX550M      Cooling Cryorig H7

Link to post
Share on other sites
Posted · Original PosterOP
2 hours ago, TVwazhere said:

TL;DR. Dont download stuff from sketchy sites and you're fine.

True, but as it's a new threat we've not really seen GPU side attacks like this before, and something to be aware of as there could be a period where anti-malware and spyware software isn't looking for this.


Athan is pronounced like Nathan without the N. <3

Link to post
Share on other sites
4 hours ago, M.Yurizaki said:

I don't see how the GPU is at fault here other than the malicious attack is using the GPU to accelerate work. Theoretically any GPU can be made into this malware's proverbial bitch.

Exactly my thoughts when reading this. 

 

I mean it says right in the article it uses OPEN GL

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×