Graphics gap allows access
Researchers say hackers could access computers via their graphics cards and browsers.
Researchers from the Institute of Applied Information Processing and Communications at Graz University of Technology (TU Graz) have uncovered a significant security vulnerability in modern web browsers that allows unauthorised access to computers through graphics cards.
The discovery pertains to the WebGPU interface, a newer web standard currently being developed and already supported in browsers like Google Chrome, Microsoft Edge, and Firefox's nightly versions.
The team at TU Graz managed to execute three distinct side-channel attacks exploiting this vulnerability, demonstrating that the attacks could be conducted swiftly enough to be effective during typical web browsing sessions.
“Our attacks do not require users to interact with a website, and they run in a timeframe that allows them to be carried out during normal internet surfing,” explained Lukas Giner from TU Graz.
Web browsers have increasingly used the processing power of graphics cards (GPUs) to meet the demanding computational needs of modern websites.
This interaction is facilitated through programming interfaces like WebGL and the emerging WebGPU, which allow scripts written in JavaScript to harness GPU resources.
While this capability enhances the performance of web applications, it also introduces potential risks, as demonstrated by the TU Graz researchers.
Using a website embedded with malicious JavaScript, the researchers were able to spy on data including keystrokes and encryption keys from other computers by exploiting the WebGPU interface.
The technique involves manipulating the cache memory that the GPU uses for fast, temporary data storage. By monitoring the cache's interactions, the researchers could infer sensitive information about the system's operations and data flows.
In one of their attack methods, the researchers filled the cache with their data and monitored its displacement by other data inputs, which enabled them to deduce keystroke timings and subsequently gather user input information.
Another attack involved creating a covert channel that mimicked binary code communication by using filled and unfilled cache segments to represent binary states, achieving data transfer rates sufficient for stealing simplistic data types.
The most sophisticated of their attacks targeted the AES encryption standard, commonly used for securing data transfers and storage.
By manipulating their own AES encryption operations in the cache, the researchers could identify critical encryption parameters of the system under attack.
“These findings are crucial for browser developers to consider as they continue to develop features that integrate GPU computing capabilities,” said Roland Czerny, another member of the research team.
The researchers have already communicated their findings to browser manufacturers, urging them to treat GPU access with the same rigour as other critical resource accesses to enhance security and privacy protections.
The research will be detailed further at the upcoming ACM Asia Conference on Computer and Communications Security, scheduled for July 1-5 in Singapore. An early copy of the research paper is accessible in PDF form, here.