New GPU Side-Channel Attack Allows Malicious Websites to Steal Data

GPUs from AMD, Apple, Arm, Intel, Nvidia and Qualcomm are vulnerable to a new type of side-channel attack named GPU.zip.

Nearly all modern graphics processing units (GPUs) are vulnerable to a new type of side-channel attack that could be leveraged to obtain sensitive information, according to a team of researchers from various universities in the United States.

The new attack method, named GPU.zip, was discovered and detailed by representatives of the University of Texas at Austin, Carnegie Mellon University, University of Washington, and University of Illinois Urbana-Champaign.

The GPU.zip attack leverages hardware-based graphical data compression, an optimization in modern GPUs that is designed to improve performance.

“GPU.zip exploits software-transparent uses of compression. This is in contrast to prior compression side channels, which leak because of software-visible uses of compression and can be mitigated by disabling compression in software,” the researchers explained.

Unlike many other recently disclosed side-channel attacks, which require some sort of access to the targeted device, GPU.zip can be exploited by luring the targeted user to a malicious website. Through this attack, the attacker’s site can steal data from other websites visited at the same time by the victim.  

Specifically, the method can be used by the malicious website to steal individual pixels from a different site that is open at the same time. This enables the theft of information that is visible on the screen, such as usernames, which can be used to deanonymize a user.

While websites that hold sensitive information are typically configured to prevent this type of leakage, there are some popular sites that are still vulnerable. 

The researchers demonstrated the attack on Wikipedia, stealing the targeted individual’s username, which is displayed in the top corner. However, it’s worth noting that it takes a significant amount of time for the malicious site to obtain the information via a GPU.zip attack. 

In two experiments conducted by the researchers it took 30 minutes and 215 minutes to obtain the Wikipedia username.

Nevertheless, developers should ensure that their websites are not vulnerable by configuring them to deny being embedded by cross-origin sites.
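One way to audit that mitigation is to check which anti-framing headers a site's responses carry. The following is an added example, not code from the researchers or SecurityWeek; the function names and the sample header sets are constructed for illustration.

```python
# Added example: classify a response's anti-framing headers (names are illustrative).
RANK = ["deny", "same-origin", "allowlist", "any-origin"]  # strictest first


def classify_sources(sources):
    """Map a CSP frame-ancestors source list to a verdict."""
    srcs = [s.lower() for s in sources]
    if not srcs or srcs == ["'none'"]:
        return "deny"  # an empty list matches no ancestor
    if srcs == ["'self'"]:
        return "same-origin"
    if any(s in ("*", "http:", "https:") for s in srcs):
        return "any-origin"  # wildcard or scheme-only source
    return "allowlist"  # specific origins may still embed the page


def framing_policy(headers):
    """Return who may embed a page served with these response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    verdicts = []
    # One header value may carry several comma-separated policies; all are enforced.
    for policy in h.get("content-security-policy", "").split(","):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                verdicts.append(classify_sources(parts[1:]))
                break  # later duplicates of a directive are ignored
    if verdicts:
        # An enforced frame-ancestors overrides X-Frame-Options; report the strictest.
        return min(verdicts, key=RANK.index)
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "deny" if xfo == "DENY" else "same-origin"
    # Missing headers, Report-Only CSP, or obsolete ALLOW-FROM give no protection.
    return "any-origin"


def blocks_cross_origin_embedding(headers):
    """True when no cross-origin site can place the page in a frame."""
    return framing_policy(headers) in ("deny", "same-origin")


# Constructed sample header sets, not captured from any real site.
SAMPLES = {
    "csp-none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "report-only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    "allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
}
```

A `frame-ancestors` directive delivered only in a Report-Only policy, or the obsolete `ALLOW-FROM` value, leaves the page embeddable even though a header is present.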

Information on the findings and proof-of-concept (PoC) code was provided to AMD, Apple, Arm, Intel, Nvidia, and Qualcomm in March 2023, but none of them has committed to releasing patches as of September 2023. 

The attack has been demonstrated to work on the Chrome web browser. Other widely used browsers, such as Safari and Firefox, are not impacted. Google was also notified in March 2023 about the potential risk, but the internet giant is still deciding whether and how to fix the issue, the researchers said.

Update: After publication of this article, Intel provided SecurityWeek the following statement:

“While Intel hasn’t had access to the researcher’s full paper, we assessed the researcher findings that were provided and determined the root cause is not in our GPUs but in third party software.”

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
