Data Security, Cloud Security
Information leaks possible with novel GPU side-channel attack
Share
Modern integrated graphics processing units, including those manufactured by AMD, Arm, Apple, Intel, Qualcomm, and Nvidia, could be targeted to expose sensitive data through the new GPU.zip side-channel attack, which exploits graphical data compression, The Hacker News reports.
Exploitation of the iGPU-based compression channel could allow threat actors to conduct cross-origin pixel theft in Google Chrome and Microsoft Edge, which have SVG filters, reported researchers from the University of Texas at Austin, University of Illinois Urbana-Champaign, University of Washington, and Carnegie Mellon University.
"The reason is that the attacker can create highly redundant or highly non-redundant patterns depending on a single secret pixel in the browser. As these patterns are processed by the iGPU, their varying degrees of redundancy cause the lossless compression output to depend on the secret pixel," said researchers.
Researchers also noted that Apple Safari and Mozilla Firefox, as well as websites that no longer allow embedding by cross-origin sites, are not vulnerable to the GPU.zip attack.
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Related Events
Related Terms
BitBlock CipherCipherCloud ComputingCryptographic Hash FunctionsData Loss Prevention (DLP)Data WarehousingDigital EnvelopeDigital Signature Standard (DSS)GreynetGet daily email updates
SC Media's daily must-read of the most current and pressing daily news