[BreachExchange] Nvidia GPU Side Channel Vulnerability Disclosed

[Destry Winant]

https://latesthackingnews.com/2018/11/11/nvidia-gpu-side-channel-vulnerability-disclosed/

Researchers have proven lots of side channel vulnerabilities in CPUs
that pose as security risks. However, this time, researchers have
demonstrated a vulnerability in GPUs as well. Their work revolved
around proving the possibility of a side-channel attack on Graphics
Processing Units. From the results obtained, they concluded that GPU
vulnerability to side channel attacks could lead to privacy and
security breaches. This includes everything from spying on user
activity to allowing hackers in to cloud services.

Researchers Proved GPU Vulnerability To Side Channel Attacks

A team of researchers from the University of California, Riverside,
have discovered a GPU vulnerability based around a side-channel attack
that could allow potential attackers to breach a users’ privacy. The
Graphics Processing Unit (GPU) forms one of the core components in a
computer. It is primarily responsible for handling graphical workloads
and accelerating other computational processes.

The team conducting this study included four computer scientists who
compiled their findings as part of a research paper presented in a
conference. As reported, the researchers analyzed a range of Nvidia
GPUs to find exploitable side channels.

“We demonstrate the vulnerability using two applications. First, we
show that an OpenGL based spy can Fingerprint websites accurately,
track user activities within the website, and even infer the keystroke
timings for a password text box with high accuracy. The second
application demonstrates how a CUDA spy application can derive the
internal parameters of a neural network model being used by another
CUDA application, illustrating these threats on the cloud.”

To validate these findings, the researchers considered three different
attack vectors. These include,

- Graphics spy on a victim – an attack involving exploitation of
graphics APIs, for instance, OpenGL, to track a co-located
application.
- CUDA spying on a victim – requires an attacker to exploit CUDA for
spying on cloud-based apps.
- CUDA spying with a graphics victim (Cross-Stack) – with user
privileges, an attacker can attack graphics applications from CUDA.

For each of these scenarios, they reverse engineered the co-location
properties to identify the co-location pattern and sources of the
leaks.

In the light of their findings, researchers established that these
attack scenarios could allow an attacker to perform various malicious
activities. Some of these include website fingerprinting, tracking
user activity, stealing passwords and other account based credentials

Nvidia Responds To The Study

Before revealing their report, the researchers informed Nvidia of the
vulnerabilities in their GPUs. Moreover, they also shared their
findings with AMD and Intel for possible evaluation for security risks
to their GPUs.

Consequently, Nvidia has recently responded to this study in their
security advisory. In it, they acknowledge their collaboration with
the researchers over this software security issue in Nvidia GPUs.

Explaining the matter in their advisory, Nvidia stated,

“NVIDIA graphics driver contains a vulnerability that may allow access
to application data processed on the GPU through a side channel
exposed by the GPU performance counters. Local user access is
required. This is not a network or remote attack vector.”

The reported vulnerability has received the CVE number CVE‑2018‑6260.
Presently, Nvidia has identified this flaw as a low-severity level
issue. Nonetheless, they confirm to release a patch for this flaw,
alongside posting a security bulletin for it, soon.