Research conducted by a team of computer scientists at the University of California Riverside has demonstrated that hackers can target a computer's graphics processing unit (GPU) to steal passwords, break into cloud-based applications and spy on the web activity of a user.
GPUs are the devices that improve the performance of computers' graphical workloads; they are powerful and programmable computational devices.
The advanced capabilities of GPUs were originally used for 3D game rendering, but researchers have now started to harness their capabilities more broadly to speed up computational workloads in many other areas such as scientific research, financial modelling, artificial intelligence and oil and gas exploration. GPUs are also being integrated into data centres and clouds to accelerate data-intensive workloads.
In this new study, the scientists reverse-engineered an Nvidia GPU to demonstrate how three attacks on GPU's graphics and computational stacks can enable hackers to steal vital data from the a computer, endangering user privacy.
The researchers revealed that the attacks are enabled after the victim downloads an app with a malicious program created to observe the victim's computer.
With the first attack, hackers can track the user's activity on the web. When the user opens the malicious app, it creates a spy to collect information about the behaviour of the web browser. To create the spy, the malicious app uses OpenGL, which is accessible by any application on a system with user-level privileges. The spy then enables hackers to achieve website fingerprinting with high levels of accuracy.
The second attack enables hackers to steal user passwords. When a character is typed on the system, the malicious app uploads the complete password textbox to the GPU as a texture to be rendered. Then, hackers can 'read' the password by observing the interval time of consecutive memory allocation events and inter-keystroke timing.
With the third attack, hackers can target a computational application in the cloud. This is achieved by launching a malicious computational workload on the GPU. This workload operates along with the user's application and enables hackers to obtain the structure of victim's secret neural network.
The research paper was presented at the ACM SIGSAC Conference on Computer and Communications Security last month in Toronto, Canada. According to researchers, the findings were also reported to Nvidia, the AMD and Intel security teams
What can artificial intelligence and machine learning do for you and your organisation?
If you don't know yet, or want to make sure that you're not missing out, Computing's first AI & Machine Learning Live event is for you. To find out more, check out the Computing AI & Machine Learning Live website. Attendance is FREE to qualifying IT leaders and senior IT pros, but places are going fast
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago