{"id":59495,"date":"2023-09-26T13:40:53","date_gmt":"2023-09-26T17:40:53","guid":{"rendered":"http:\/\/pappp.net\/?guid=3dfa8d6c21da4d08021cb9c78b068ae2"},"modified":"2023-09-26T13:40:53","modified_gmt":"2023-09-26T17:40:53","slug":"gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack","status":"publish","type":"post","link":"https:\/\/pappp.net\/?p=59495","title":{"rendered":"GPUs from all major suppliers are vulnerable to new pixel-stealing attack"},"content":{"rendered":"<p class=\"syndicated-attribution\">Source: <a href=\"https:\/\/arstechnica.com\/?p=1971213\">Ars Technica<\/a><\/p>\n<div style=\"background-color : #fff7d5;\n\t\t\tborder-width : 1px; padding : 5px; border-style : dashed; border-color : #e7d796;margin-bottom : 1em; color : #9a8c59;\">Article note: This is some insane shit.\nThe fact that \"GPU-accelerated CSS filters on a cross-origin iframe\" are a thing is psychotic and an indictment against the state of the Web on multiple levels. \nThe fact that someone figured out they can use the mechanism to launch side-channel attacks by building filters with different execution times based on pixel properties is super nifty in a horrifying way.<\/div><div>\n<figure>\n  <img src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/09\/pixels-800x540.jpg\" alt=\"GPUs from all major suppliers are vulnerable to new pixel-stealing attack\" referrerpolicy=\"no-referrer\" loading=\"lazy\"\/>\n      <p><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/09\/pixels.jpg\" rel=\"noopener noreferrer\">Enlarge<\/a> <\/p>  <\/figure>\n\n\n\n\n\n\n<div><a name=\"page-1\"><\/a><\/div>\n<p>GPUs from all six of the major suppliers are vulnerable to a newly discovered attack that allows malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites, researchers have demonstrated in a paper published Tuesday.<\/p>\n<p>The cross-origin attack allows a malicious website from one 
domain&mdash;say, example.com&mdash;to effectively read the pixels displayed by a website from example.org, or another different domain. Attackers can then reconstruct them in a way that allows them to view the words or images displayed by the latter site. This leakage violates a critical security principle that forms one of the most fundamental security boundaries safeguarding the Internet. Known as the <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/Same-origin_policy\" rel=\"noopener noreferrer\">same origin policy<\/a>, it mandates that content hosted on one website domain be isolated from all other website domains.<\/p>\n<h2>Optimizing bandwidth at a cost<\/h2>\n<p>GPU.zip, as the proof-of-concept attack has been named, starts with a malicious website that places a link to the webpage it wants to read inside of an <a href=\"https:\/\/www.hostinger.com\/tutorials\/what-is-iframe\/\" rel=\"noopener noreferrer\">iframe<\/a>, a common HTML element that allows sites to embed ads, images, or other content hosted on other websites. Normally, the same origin policy prevents either site from inspecting the source code, content, or final visual product of the other. 
The researchers found that data compression that both internal and discrete GPUs use to improve performance acts as a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Side-channel_attack\" rel=\"noopener noreferrer\">side channel<\/a> that they can abuse to bypass the restriction and steal pixels one by one.<\/p><\/div><p><a href=\"https:\/\/arstechnica.com\/?p=1971213#p3\" rel=\"noopener noreferrer\">Read 15 remaining paragraphs<\/a> | <a href=\"https:\/\/arstechnica.com\/?p=1971213&amp;comments=1\" rel=\"noopener noreferrer\">Comments<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Enlarge   <\/p>\n<p>GPUs from all six of the major suppliers are vulnerable to a newly disc&#8230;<\/p>\n<p> <a href=\"https:\/\/pappp.net\/?p=59495\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226],"tags":[],"class_list":["post-59495","post","type-post","status-publish","format-standard","hentry","category-news-2"],"_links":{"self":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/59495","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=59495"}],"version-history":[{"count":0,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/59495\/revisions"}],"wp:attachment":[{"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=59495"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=59495"},{"taxo
nomy":"post_tag","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=59495"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}