A new security report shows that GPU cards are vulnerable to new side-channel attacks. These exploits target both individual end-users that use them in day-to-day activities and clusters that rely on GPUs for distributed computing.
GPU Cards Follow CPUs By Being Exposed to Side-Channel Attacks
Side-Channel attacks are one of the most dangerous type of vulnerabilities that target hardware components. And while most of them CPUs like the recent Portsmash bug. According to a team of security experts from the University of California in Riverside the graphics cards are now also conduits of weaknesses that can be exploited by malicious users.
By itself the GPU side-channel attack is a collection of three exploits that all operate under the same mechanism — sensitive data can be accessed by running malicious apps that feature exploit code. The reason why GPU are being used not only for calculations and rendering of graphics-related tasks. Over the years their processors have been used more and more for calculations like encryption and decryption, multimedia and etc. To a large extent a lot of sensitive data is processed through them and that makes their memory a lucrative place from where such data can be hijacked.
There are three identified weaknesses that have been found to be associated with these side-channel GPU attacks:
- Graphics Spy and Graphics Victim Model — The first attack scenario described by the team is where the malicious software makes use of the relevant API to spy on another GPU app utilizing the same graphics pipeline.
- CUDA Spy and CUDA Victim Scenario — To take advantage of this attack scenario two computing programs must be running on the same GPU. When running in this mode they will share calculations and memory on the same physical node. Using CUDA the first application can spy on the second one and extract content.
- CUDA Spy on a Graphics Victim — These attacks require only user-level privileges and can be facilitated against both desktop and mobile devices.
Using these three weaknesses the criminals can lead to a wide variety of dangerous scenarios.
GPU Side Channel Attacks: What’s Possible
One of the first attacks that can be orchestrated using this mechanism is website fingerprinting. This is made possible as most modern web browsers make use of the GPU capabilities in order to accelerate the rendering process. This allows the hackers to to access both the text and CPU-rasterized images. To make use of this attack the hackers must launch them during the GPU utilization. A malicious application that accesses the relevant Open GL code can probe the GPU memory and extract the desired contents.
Further testing has shown that careful analysis of the GPU access levels also reveals user activities. By analyzing their actions it and using a pre-designed algorithm the malicious operators can retrieve what sites are being used, as well as hijack any entered account credentials.
Another attack scenario relies on obtaining real-time information on performance metrics. Tracking the system performance can prove useful to the hackers when they are launching a concurrent complex infection.
A complete solution that can protect against these intrusion mechanisms is not yet ready. As the quoted attacks depend on CUDA which is primarily developed by NVIDIA and used in their graphics card we expect that they will release the necessary driver updates. Interested users can read the whole technical paper called “Rendered Insecure: GPU Side Channel Attacks are Practical”.