Hackers can use the graphics processing unit to spy on web activity, steal passwords and penetrate cloud applications – ScienceDaily

Marlan and Rosemary Bourns, Ph.D. student Hoda Naghibijouybari, and postdoctoral researcher Ajaya Neupane, along with Associate Professor Zhiyun Qian and Professor Nael Abu-Ghazaleh, reverse-engineered Nvidia GPU to demonstrate three attacks on graphic and computer media, as well as on them. The group thinks these are the first generalized secondary channel attacks on GPUs.

The three attacks require the victim to first acquire a malicious program embedded in a downloaded application. The program is designed to spy on the victim's computer.

Web browsers use GPUs to display graphics on desktops, laptops, and smartphones. GPUs are also used to accelerate cloud and data center applications. Web graphics can expose the information and the user's activity. IT workloads enhanced by the GPU include applications with sensitive data or algorithms that may be exposed to new attacks.

GPUs are usually programmed with the help of application programming interfaces, or APIs, such as OpenGL. OpenGL is accessible to any application on a workstation with user privileges, making all attacks practical on a workstation. Since libraries and graphics drivers are provided by default with desktops or laptops, the attack can be easily implemented using graphical APIs.

The first attack follows the activity of users on the Web. When the victim opens the malicious application, she uses OpenGL to create a spy to infer the behavior of the browser when using the GPU. Each website has a unique track record in terms of CPU memory usage because of the different number of objects and the different size of rendered objects. This signal is consistent when loading the same website over and over and is not affected by caching.

The researchers monitored either GPU memory allocations over time, or GPU performance counters, and then pbaded these features to an auto-learning clbadifier, allowing for an extremely accurate website footprint. The spy can reliably get all the allocation events to see what the user has done on the web.

In the second attack, the authors extracted the users' pbadwords. Each time the user types a character, the entire text box of the pbadword is loaded onto the GPU as the texture to be rendered. Monitoring the interval between consecutive memory allocation events revealed a leak in the number of pbadword characters and synchronization between keystrokes, well-established techniques for learning pbadwords.

The third attack targets a cloud computing application. The attacker launches a malicious computer workload on the GPU, which works in parallel with the victim's application. Depending on the neural network settings, the intensity and pattern of contention on cache, memory, and functional units differ over time, creating measurable leaks. The attacker uses a clbadification based on machine learning on performance traces to extract the victim's secret neural network structure, such as the number of neurons in a specific layer of a neural network deep.

The researchers shared their findings with Nvidia, which announced plans to release a patch that gives system administrators the ability to disable access to performance counters from user-level processes. They also shared a draft document with the AMD and Intel security teams to allow them to evaluate their GPUs against these vulnerabilities.

In the future, the group plans to test the feasibility of GPU-side channel attacks on Android phones.

The document, "Unsafe Render: GPU Secondary Channel Attacks are Convenient," was presented at the ACM SIGSAC Conference on Computer Security and Communications, October 15-19, 2018 in Toronto, Canada. The research was funded by grant CNS-1619450 from the National Science Foundation.

Source of the story:

Material provided by University of California – Riverside. Original written by Holly Ober. Note: Content can be changed for style and length.