Researchers from four American universities have identified a new GPU side-channel attack named ‘GPU.zip,’ which exploits data compression to leak sensitive visual data from modern graphics cards when users visit web pages. They demonstrated the attack’s effectiveness through cross-origin SVG filter pixel-stealing attacks conducted via the Chrome browser.
Despite informing GPU manufacturers and Google about the vulnerability in March 2023, no patches have been released to address the issue as of September 2023. The research paper outlining this flaw is scheduled to be presented at the 45th IEEE Symposium on Security and Privacy.
Furthermore, the vulnerability stems from data compression used in modern GPUs, even when not explicitly needed. This undocumented and vendor-specific practice is employed to optimize memory bandwidth and performance. The researchers discovered a way to exploit this compression, allowing them to extract individual pixel data through a web browser on various devices and GPU architectures. The attack demonstrates the ability to steal a username from a Wikipedia iframe within 30 minutes on Ryzen and 215 minutes on Intel GPUs, with high accuracy.
The severity of GPU.zip affects major GPU manufacturers, including AMD, Apple, Arm, Intel, Qualcomm, and NVIDIA, albeit not all cards are equally impacted. The lack of vendor efforts to optimize their data compression approach and limit its operation to non-sensitive cases exacerbates the risk. While the attack potentially affects a wide range of devices globally, the complexity and time required for execution moderate its immediate impact on users.
Additionally, websites denying cross-origin iframe embedding are not vulnerable to this side-channel attack. Firefox and Safari also do not meet all the criteria required for GPU.zip to function, further mitigating the threat on those browsers.
