Hot Pixels: Browser Privacy Breach

May 30, 2023

A team of researchers from Georgia Tech, the University of Michigan, and Ruhr University Bochum has developed a novel attack known as “Hot Pixels” that can retrieve pixel information from a target’s browser and infer their navigation history.

This attack takes advantage of data-dependent computation times on modern systems-on-a-chip (SoCs) and graphics processing units (GPUs) to extract information from visited web pages, even when side-channel countermeasures are enabled. The researchers found that distinct behavior patterns exhibited by processors, such as power consumption and heat dissipation, can be easily detected through internal sensor measurements, allowing viewed content to be determined with an accuracy rate as high as 94%.

The study specifically focused on analyzing frequency, power, and temperature measurements on various modern devices to map CPU behavior. Passively cooled processors were found to leak information through power and frequency, while actively cooled chips leaked data through temperature and power readings. The researchers conducted experiments using different devices, including Apple M1 chips, Cortex-X1 Arm cores, and Qualcomm Snapdragon 8 Gen 1, and correlated their workloads with distinguishable frequency and power consumption metrics.

They also investigated data-dependent leakage channels on discrete and integrated GPUs, such as Apple’s M1 and M2, AMD Radeon RX 6600, Nvidia GeForce RTX 3060, and Intel Iris Xe.

The “Hot Pixels” attack was tested on the default configurations of Chrome 108 and Safari 16.2, the latest versions available at the time of the study. By constraining the power and temperature of the CPUs, the attack could leak data about the color of pixels displayed on the target’s screen through the processor’s frequency.

The attack used SVG filters to induce data-dependent execution on the target’s CPU or GPU, and JavaScript to measure computation time and frequency in order to infer the pixel color. The researchers placed an iframe element in an attacker-controlled page to steal pixels from an unaffiliated target site, applying an SVG filter to the iframe’s contents and measuring the rendering times.

Although Safari was not vulnerable to the same attack that leaked sensitive data, the researchers discovered a sub-type of the Hot Pixels attack that could compromise user privacy by sniffing their browsing history. By placing links to sensitive pages on an attacker-controlled site and using the SVG filtering technique, the color of hyperlinks could be inferred.

The researchers found that visited sites had different hyperlink colors than those the target had not visited, enabling them to apply the basic Hot Pixels principles to infer the target’s browsing history. The accuracy of the data stolen in this attack reached 99.3% on iPhone 13, with a recovery rate of 183 seconds per 50 hyperlinks.

The researchers disclosed their findings to Apple, Nvidia, AMD, Qualcomm, Intel, and Google in March, and all vendors acknowledged the issues and are actively working to mitigate them.

Proposed solutions include restricting the use of SVG filters on iframes in the HTML standard, implementing cookie isolation mechanisms like those found in Safari to prevent loading cookies on orphan iframes, and restricting unauthorized access to sensors that provide thermal, power, and frequency readings at the operating system level.
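
On the site owner's side, the iframe step described above only works if the target page's own response headers allow it to be framed by another origin. The following added example (not from the article or the researchers' paper) classifies a response's framing policy from `Content-Security-Policy: frame-ancestors` and `X-Frame-Options`, and lists cookies explicitly marked `SameSite=None`; the header-map shape, the function names and the sample responses are assumptions constructed for illustration.

```javascript
// Added example: classify who may frame a response, from its headers.
const LEVELS = ['blocked', 'same-origin', 'allowlist', 'any-origin'];

// Index into LEVELS for one CSP policy, or null if it has no frame-ancestors.
function frameAncestorsLevel(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    const real = sources.filter((s) => s !== "'none'");
    if (real.length === 0) return 0; // 'none' or an empty source list
    // A bare wildcard or scheme-only source admits arbitrary embedders.
    if (real.some((s) => /^([a-z][a-z0-9+.-]*:(\/\/\*)?|\*)$/.test(s))) return 3;
    return real.every((s) => s === "'self'") ? 1 : 2;
  }
  return null;
}

// `headers` maps lowercase header names to arrays of values (assumed shape).
function framingLevel(headers) {
  const csp = (headers['content-security-policy'] || [])
    .flatMap((v) => v.split(',')).map(frameAncestorsLevel).filter((l) => l !== null);
  // Every policy must admit the embedder, so the strictest wins; browsers
  // skip X-Frame-Options once an enforced policy carries frame-ancestors.
  if (csp.length) return LEVELS[Math.min(...csp)];
  const xfo = [...new Set((headers['x-frame-options'] || [])
    .flatMap((v) => v.toLowerCase().split(',')).map((v) => v.trim()).filter(Boolean))];
  const known = xfo.filter((v) => ['deny', 'sameorigin', 'allowall'].includes(v));
  if (xfo.length > 1 && known.length) return 'blocked'; // conflicting values fail closed
  if (xfo[0] === 'deny') return 'blocked';
  if (xfo[0] === 'sameorigin') return 'same-origin';
  return 'any-origin'; // absent, ALLOW-FROM or unrecognised: nothing is enforced
}

// Cookies explicitly marked SameSite=None are the ones a browser may attach to
// a cross-site iframe load (its own third-party cookie blocking still applies).
function crossSiteCookies(headers) {
  return (headers['set-cookie'] || [])
    .filter((c) => /;\s*samesite\s*=\s*none\s*(;|$)/i.test(c))
    .map((c) => c.split('=')[0].trim());
}
function audit(headers) {
  const framing = framingLevel(headers);
  return { framing, cookies: crossSiteCookies(headers), exposed: framing === 'any-origin' };
}
// Constructed sample responses, not taken from any real site.
const SAMPLES = {
  open: { 'x-frame-options': ['ALLOW-FROM https://partner.example'],
    'set-cookie': ['sid=abc; Secure; SameSite=None', 'theme=dark; SameSite=Lax'] },
  locked: { 'content-security-policy': ["default-src 'self'; frame-ancestors 'self'",
    "frame-ancestors 'none'"], 'x-frame-options': ['SAMEORIGIN'] },
};
```

The `open` sample is reported as framable by any origin because current browsers ignore the obsolete `ALLOW-FROM` value, while `locked` is blocked by the stricter of its two `frame-ancestors` policies.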

Reference:
  • Hot Pixels: Frequency, Power, and Temperature Attacks on GPUs and ARM SoCs