Researchers from the University of California, Riverside have revealed a new attack based on the side-channel concept that has been plaguing CPU manufacturers for the past year, in which a system's graphics processing unit (GPU) can be used to steal privileged data up to and including passwords.
Detailed in the paper 'Rendered Insecure: GPU Side Channel Attacks are Practical', the work by Hoda Naghibijouybari, Zhiyun Qian, Ajaya Neupane, and Nael Abu-Ghazaleh builds on vulnerabilities like PortSmash, Foreshadow, SpectreRSB, TLBleed, Lazy FP, and the better-known Meltdown and Spectre vulnerabilities which exploit flaws in the design of modern processors to obtain or infer the contents of supposedly-protected memory. Where previous attacks have focused solely on the CPU, with Nvidia going so far as to specifically state its products were not affected by Spectre, the team's work extends the concept to GPUs - and with, unfortunately, considerable success.
'We demonstrate a series of end-to-end GPU side channel attacks covering the different threat scenarios on both graphics and computational stacks, as well as across them,' the team explain of their paper. 'The first attack implements website fingerprinting through GPU memory utilisation API or GPU performance counters. We extend this attack to track user activities as they interact with a website or type characters on a keyboard. We can accurately track re-rendering events on GPU and measure the timing of keystrokes as they type characters in a textbox (e.g., a password box), making it possible to carry out keystroke timing analysis to infer the characters being typed by the user.
'A second attack uses a CUDA spy to infer the internal structure of a neural network application from the Rodinia benchmark, demonstrating that these attacks are also dangerous on the cloud. We believe that this class of attacks represents a substantial new threat targeting sensitive GPU-accelerated computational (e.g. deep neural networks) and graphics (e.g. web browsers) workloads. Our attacks demonstrate that side channel vulnerabilities are not restricted to the CPU. Any shared component within a system can leak information as contention arises between applications that share a resource. Given the wide-spread use of GPUs, we believe that they are an especially important component to secure.'
The attacks, though, come with the promise of potential mitigations, including limiting the rate of access to the application programming interfaces (APIs) responsible to reduce the precision of the leaked information from which private data can be inferred, a technique which the researchers found to 'substantially reduce the effectiveness of the attack, to the point where the attacks are no longer effective.'
The team has confirmed that the attacks are possible on Nvidia graphics cards, while the non-CUDA attacks are also possible against AMD graphics cards. Both companies have been informed of the flaw, and are believed to be working on patches. A pre-print copy of the paper, meanwhile, is available now (PDF warning).