meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, September 28th, 2023

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 28 September 2023

⏱️ 7 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. GPU Sidechannels; Compromised Routers; More libwebp Confusion; Fake Dependabot

Transcript

Click on a timestamp to play from that location

0:00.0

Hello and welcome to the Thursday, September 28, 2023 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

0:15.2

But we got an interesting new side channel attack. In this case, it's affecting GPUs, not CPUs. Of course, we had a bunch of

0:25.1

different side channel attacks over the last few years in CPUs. Well, GPUs, overall, shouldn't

0:31.3

really be all that different. And so no real big surprise that it affects GPUs, but the kind of vulnerability here is

0:40.2

sort of unique to GPUs.

0:43.6

GPUs are often compressing traffic.

0:46.6

Of course, video traffic is known to compress fairly well.

0:51.1

And as so often, the ratio at which content compresses allows you to deduct

0:58.7

some properties of the content itself. What makes this paper even sort of more amazing is that

1:06.2

they actually managed to implement this attack in a web browser. Web browsers are trying really hard

1:14.7

to separate data loaded from different web pages or different origins. As a result, if you have

1:22.6

two windows open, well, JavaScript in one of those windows cannot access the other window if these two pages were loaded from different origins.

1:33.4

What they demonstrated here in the paper is that they were able to load a page.

1:39.1

They used Wikipedia as an example into an eye frame, and then the page that contained the eye frame was able to

1:48.7

deduct content of the page inside the eye frame, which, well, shouldn't be possible in a sort of

1:56.6

proof of concept. They were able to read the username. Now, they picked the username here because

2:02.1

it wasn't a very specific location of the page. This attack is like many side channel attacks,

2:08.1

not very fast. Speed and accuracy depends a lot on the screen resolution as well as on the

2:14.5

CPU and GPU being used here. The fastest they had was two pixels per second, but with a 99.6% accuracy. Some of the slower ones are going down to like 0.2 pixels per second. So basically it takes you 5 seconds to deduct the content of a single pixel.

2:38.1

Still for a proof of concept, that's certainly not bad and certainly useful to, for example, read content,

2:46.0

like in this case usernames or other confidential data from another page that the script running on the attackers' web page should not have access to.

2:56.6

I will, of course, link to the paper in the show notes.

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.