nvidia Researchers at the University of California publish Side Channel attacks on Nvidia GPUs

[Athan Immortal]

Original article from UCR website

Research paper: Rendered Insecure: GPU Side Channel Attacks are Practical
Toms Hardware article about the vulnerability.

 

From the University of California, Riverside article:

 

Quote

Computer scientists at the University of California, Riverside have revealed for the first time how easily attackers can use a computer’s graphics processing unit, or GPU, to spy on web activity, steal passwords, and break into cloud-based applications.

Quote

All three attacks require the victim to first acquire a malicious program embedded in a downloaded app. The program is designed to spy on the victim’s computer.

Quote

The first attack tracks user activity on the web. When the victim opens the malicious app, it uses OpenGL to create a spy to infer the behavior of the browser as it uses the GPU.

Quote

In the second attack, the authors extracted user passwords. Each time the user types a character, the whole password textbox is uploaded to GPU as a texture to be rendered. Monitoring the interval time of consecutive memory allocation events leaked the number of password characters and inter-keystroke timing, well-established techniques for learning passwords.

Quote

The third attack targets a computational application in the cloud. The attacker launches a malicious computational workload on the GPU which operates alongside the victim’s application. Depending on neural network parameters, the intensity and pattern of contention on the cache, memory and functional units differ over time, creating measurable leakage. The attacker uses machine learning-based classification on performance counter traces to extract the victim’s secret neural network structure, such as number of neurons in a specific layer of a deep neural network.

Quote

The researchers reported their findings to Nvidia, who responded that they intend to publish a patch that offers system administrators the option to disable access to performance counters from user-level processes. They also shared a draft of the paper with the AMD and Intel security teams to enable them to evaluate their GPUs with respect to such vulnerabilities.

 

So as of this time, the vulnerability is only known in Nvidia GPUs, however AMD and Intel have been notified to check.

 

Nvidia will be releasing a patch, I just hope it doesn't require mitigation like the Spectre and Meltdown vulnerabilities did, however it seems a more straight forward fix.

 

 

[Bananasplit_00]

well unless you catch something from an infected download, you should be fine from this. cant be run just straight from the browser so thats at least something

[TVwazhere]

TL;DR. Dont download stuff from sketchy sites and you're fine.

[Athan Immortal]

2 hours ago, TVwazhere said:

TL;DR. Dont download stuff from sketchy sites and you're fine.

True, but as it's a new threat we've not really seen GPU side attacks like this before, and something to be aware of as there could be a period where anti-malware and spyware software isn't looking for this.

[Mira Yurizaki]

I don't see how the GPU is at fault here other than the malicious attack is using the GPU to accelerate work. Theoretically any GPU can be made into this malware's proverbial bitch.

[mynameisjuan]

4 hours ago, M.Yurizaki said:

I don't see how the GPU is at fault here other than the malicious attack is using the GPU to accelerate work. Theoretically any GPU can be made into this malware's proverbial bitch.

Exactly my thoughts when reading this. 

 

I mean it says right in the article it uses OPEN GL

[Arika]

This is no different than any other virus you get from downloading sketchy shit. It just uses a different piece of hardware that it latches on to.