Graphics processing units (GPUs) from almost every major manufacturer are vulnerable to a cross-origin side-channel attack that can expose user data to malicious websites.
Security researchers from the University of Texas at Austin, Carnegie Mellon University, the University of Washington, and the University of Illinois Urbana-Champaign have published details of the attack. They will present the paper, titled ‘GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression’, at the 45th IEEE Symposium on Security and Privacy, held in San Francisco from 20 to 23 May 2024.
The attack, named GPU.zip, lets a malicious website read sensitive visual data rendered by other websites, including usernames and passwords. It violates the same-origin policy, a fundamental web security boundary that requires content from different origins to be isolated from one another.
GPU.zip takes advantage of the data compression that both integrated and discrete GPUs apply to graphical data to improve performance. Because how well data compresses depends on the data itself, this optimisation leaks information about what is being rendered; by abusing it as a side channel, an attacker can recover pixels one at a time and reconstruct the contents of a targeted page. The malicious page must be loaded in Chrome or Edge for the attack to succeed, as differences in Firefox and Safari’s behaviour prevent it. The targeted page must also allow itself to be embedded cross-origin, for example in an iframe.
“We found that modern GPUs automatically try to compress this visual data without any application involvement,” lead researcher Yingchen Wang told Ars Technica. “This is done to save memory bandwidth and improve performance. Since compressibility is data dependent, this optimisation creates a side channel an attacker can exploit to reveal information about the visual data.”
While pixel-stealing attacks that embed a victim page in an iframe on a malicious website have been known for some time, not all websites send security headers such as X-Frame-Options or Content-Security-Policy (its frame-ancestors directive) to restrict cross-origin embedding. Some prominent sites, such as Wikipedia, display the logged-in username even when embedded in an iframe, exposing that information to such attacks.
The researchers demonstrated GPU.zip on GPUs from leading manufacturers, including Apple, Intel, AMD, Qualcomm, Arm and Nvidia. The attack’s speed and accuracy varied with the hardware, but every platform tested showed that the proprietary compression schemes used by GPU manufacturers can be exploited. The researchers showed the attack working against both integrated and discrete GPUs.
“Widely adopted headers can prevent sites from being embedded, which prevents this attack, and sites using the default SameSite=Lax cookie behaviour receive significant mitigation against leaked personalised data. These protections and the difficulty and time required to exploit this behaviour significantly mitigate the threat to everyday users. We are in communication and are actively engaging with the reporting researchers,” said a Google representative.
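The two mitigations referred to above, anti-framing headers and the SameSite cookie default, decide together whether a pixel-stealing attack has anything personalised to read: the attacker’s page must be allowed to frame the victim page, and the frame request must carry the victim’s session cookie. The following is an added example written for this article, not code from the GPU.zip researchers, Google or any browser. It models the browser rules as I understand them from the CSP3 and cookie specifications, with two simplifications that are assumptions of the example: port numbers in frame-ancestors sources are ignored, and the attacker and victim origins (the constructed `attacker.example` and `victim.example`) are taken to be different sites. It goes slightly beyond the page by including the rule that a CSP frame-ancestors directive makes the browser ignore X-Frame-Options.

```javascript
// Added example (not from the GPU.zip paper or the article): audits a response's
// headers and session cookie for exposure to cross-origin pixel stealing.

// Content-Security-Policy value -> Map(directive name -> source tokens).
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1)); // first occurrence wins
  }
  return directives;
}

// Does one frame-ancestors source expression match the embedding page's origin?
// Simplification (assumption): ports are not compared.
function sourceMatches(src, embedder, page) {
  const s = src.replace(/^'|'$/g, '').toLowerCase();
  if (s === 'none') return false;
  if (s === 'self') return embedder === page;
  if (s === '*') return true;
  const e = new URL(embedder);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return e.protocol === s; // scheme-source, e.g. "https:"
  let host = s;
  const m = s.match(/^([a-z][a-z0-9+.-]*):\/\/(.*)$/);
  if (m) {
    if (e.protocol !== m[1] + ':') return false;
    host = m[2];
  }
  host = host.split('/')[0].split(':')[0];
  if (host.startsWith('*.')) return e.hostname.endsWith(host.slice(1));
  return e.hostname === host;
}

// May `page` be rendered inside an iframe on `embedder`? Per CSP3, when a
// frame-ancestors directive is present the browser ignores X-Frame-Options.
function framingAllowed(headers, embedder, page) {
  const h = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  if (h['content-security-policy'] !== undefined) {
    const fa = parseCsp(h['content-security-policy']).get('frame-ancestors');
    if (fa !== undefined) {
      return fa.length > 0 && fa.some(src => sourceMatches(src, embedder, page));
    }
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return embedder === page;
  return true; // absent or unrecognised value: any origin may embed the page
}

// Is this cookie attached to a cross-site iframe load? A cookie with no SameSite
// attribute is treated as Lax (the "default SameSite=Lax" behaviour in Google's
// statement); Lax and Strict cookies are withheld from cross-site subresource
// requests such as iframe loads, and SameSite=None is only accepted with Secure.
function cookieSentToCrossSiteFrame(setCookie) {
  const attrs = setCookie.split(';').slice(1).map(a => a.trim().toLowerCase());
  const ss = attrs.find(a => a.startsWith('samesite=')) || 'samesite=lax';
  return ss.split('=')[1] === 'none' && attrs.includes('secure');
}

// A page leaks personalised pixels to a pixel-stealing side channel only if the
// attacker's origin can frame it AND the frame renders the victim's session.
function personalisedPixelsExposed(headers, setCookie, embedder, page) {
  return framingAllowed(headers, embedder, page) && cookieSentToCrossSiteFrame(setCookie);
}

// Constructed sample responses for illustration; not taken from any real site.
const ATTACKER = 'https://attacker.example';
const VICTIM = 'https://victim.example';
const SAMPLES = [
  { name: 'no anti-framing header, cookie without SameSite', headers: {}, cookie: 'sid=1; Path=/' },
  { name: 'no anti-framing header, SameSite=None; Secure', headers: {}, cookie: 'sid=1; SameSite=None; Secure' },
  { name: 'X-Frame-Options: DENY', headers: { 'X-Frame-Options': 'DENY' }, cookie: 'sid=1; SameSite=None; Secure' },
  { name: "CSP frame-ancestors 'self' plus one partner", headers: { 'Content-Security-Policy': "frame-ancestors 'self' https://partner.example" }, cookie: 'sid=1; SameSite=None; Secure' },
];

function audit() {
  return SAMPLES.map(s => ({
    name: s.name,
    framed: framingAllowed(s.headers, ATTACKER, VICTIM),
    exposed: personalisedPixelsExposed(s.headers, s.cookie, ATTACKER, VICTIM),
  }));
}

if (typeof require !== 'undefined' && require.main === module) console.table(audit());
```

Only the second sample is exposed: it can be framed by any origin and its cookie travels cross-site. The first sample can still be framed, but with the default-Lax treatment the frame shows an anonymous page, which is the mitigation Google’s statement describes; note that whether two hosts are the same site depends on the registrable domain, so a check like this on a real deployment must compute that rather than compare origins as the constructed samples do.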
Intel, on the other hand, blamed third-party software for the problem. The chipmaker said it had “assessed the researcher findings and determined the root cause is not in our GPUs but third-party software”.
“The issue isn’t in our threat model as it more directly affects the browser and can be resolved by the browser application if warranted, so no changes are currently planned,” said Qualcomm.
Although the immediate threat from GPU.zip appears low, the research highlights the need for secure hardware and software design. Major browser developers such as Google and Microsoft are considering mitigations, but site operators should not wait for them: any page that displays per-user content should restrict cross-origin embedding with anti-framing headers, since users have no practical way to tell which sites lack them.
The researchers argue that such compression side channels may leak more than pixels and call for a re-evaluation of what software can safely assume about hardware, given that the compression is proprietary and applied without the application’s knowledge.