Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

New Side-Channel Attacks Target Graphics Processing Units

A trio of new attacks bypass CPUs to wring data from vulnerable GPUs.

A new brand of side-channel vulnerabilities has been disclosed and this time it's not the CPU that's under attack: it's the GPU.

New exploits published by computer scientists at the University of California, Riverside, leave both individual users and high-performance computing systems at potential risk. The three sets of exploits pull sensitive data out of a graphics processing unit core, and do so with relative ease, compared to some of the side-channel attacks that have been demonstrated on CPUs.

Two of the attacks target individual users, pulling information on website history and passwords. The third could open the door to an organization's machine-learning or neural network applications, exposing details about their computational model to competitors.

The researchers' paper, Rendered Insecure: GPU Side Channel Attacks are Practical, was presented at the ACM SIGSAC conference, and the vulnerabilities have been disclosed to Nvidia, Intel, and AMD.

The first two attacks take advantage of the cores in a GPU communicating in parallel to complete a workload. Knowing about that communication means that, "…if we coordinate it right then we achieve really high bandwidth so that we can block out noise," says Nael Abu-Ghazaleh, professor of computer science and engineering, and of electrical and computer engineering at the university.

The basic attack technique works like this: "There is a victim process and then there's somebody else was spying on it through leakage in the caches or other shared resources," he says. The fact that all the cores share certain resources means that the attacker doesn't have to figure out which core is running a particular thread, greatly simplifying the attack.

An attack on the API dealing with memory allocation for the GPU cores allows an attacker to ultimately figure out which websites have been visited in a process Abu-Ghazaleh describes as website "fingerprinting." If the point of attack is memory allocation based on keystrokes entered by the user, then "with well-known attacks on timing you can actually figure out with high certainty what are the candidate passwords and quickly get to the point where you can crack the password," he says.

Vulnerable Intelligence

The vulnerability that affects machine learning applications depends on understanding certain counters that are actually designed to make programming a GPU easier.

"Things can go really wrong when you're writing GPU code because it's very sensitive to memory access patterns and so on," Abu-Ghazaleh says. "The counters are provided to give this insight, and they're accessible from user mode," he explains. If a spy process can watch these counters, it can gain incredible insight into the processes that are running.

In the attack, workloads are sent to the GPU concurrently with the victim workload in order to cause stress and the resulting update of the counters. Within the GPU, there can be more than 200 of these counters keeping track of various performance aspects, so the picture of what is happening can become quite clear.

Abu-Ghazaleh says that the ultimate danger of these attacks would be in a shared GPU-compute configuration, such as in a cloud-based machine learning environment. 

Turning off user mode access to the counters can defend against the third attack but would also break many existing applications that depend on the functionality. Nvidia has not yet released patches for the vulnerability, but Abu-Ghazaleh says that he understands patches to be in the works.

As of presstime, Nvidia had not responded to Dark Reading for comment.

Related Content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7822
PUBLISHED: 2020-08-04
DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
CVE-2020-7823
PUBLISHED: 2020-08-04
DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
CVE-2020-6012
PUBLISHED: 2020-08-04
ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems.
CVE-2019-20001
PUBLISHED: 2020-08-04
An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges.
CVE-2020-15467
PUBLISHED: 2020-08-04
The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise.