GPU.zip

GPU.zip is a new type of side channel that exposes visual data processed on the graphics processing unit (GPU). This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression. We present the first security-centric analysis of this optimization and demonstrate that it can be abused to leak visual data. For example, using GPU.zip, a malicious webpage can leak pixels from another webpage in the latest version of Google Chrome, violating the browser security model.

Research Paper

The GPU.zip paper will appear in the 45th IEEE Symposium on Security and Privacy (San Francisco, 20-23 May 2024) with the following title:

You can download a preprint from here and the BibTeX citation from here.

The paper is the result of a collaboration between the following researchers:

Questions and Answers

Am I affected by GPU.zip?

Likely, yes. We tested integrated GPUs from AMD, Apple, Arm, Intel, and Qualcomm and one discrete GPU from Nvidia. We have at least preliminary results to show that all tested GPUs are affected.

I am a website developer. How do I protect my users?

If your website displays sensitive information about users, you should configure your website to deny being embedded by cross-origin websites. For more information on how to do this, we refer to this web.dev article.
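The check below is an added example, not code from the GPU.zip authors or the linked article: it classifies who may embed a response, based on the two standard anti-framing headers, `Content-Security-Policy: frame-ancestors` and `X-Frame-Options`. The function names, the result labels, and the convention of lower-cased header names are assumptions made for this example.

```javascript
// Added example (not from the GPU.zip authors): classify who may embed a response.
// Assumes lower-cased header names; a value is a string, or an array if repeated.
const RANK = { 'cross-origin': 0, 'same-origin': 1, 'deny': 2 };
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Collect the frame-ancestors source list of every enforced CSP policy.
function frameAncestorsLists(csp) {
  const lists = [];
  for (const policy of asList(csp).flatMap((h) => h.split(','))) {
    const directive = policy
      .split(';')
      .map((d) => d.trim().split(/\s+/))
      .find(([name]) => name.toLowerCase() === 'frame-ancestors');
    if (directive) lists.push(directive.slice(1).map((s) => s.toLowerCase()));
  }
  return lists;
}

function classifySources(sources) {
  const real = sources.filter((s) => s !== "'none'");
  if (real.length === 0) return 'deny';             // empty list or only 'none'
  if (real.every((s) => s === "'self'")) return 'same-origin';
  return 'cross-origin';                            // some other origin is allowed
}

function classifyXfo(xfo) {
  const values = new Set(
    asList(xfo).flatMap((h) => h.split(',')).map((v) => v.trim().toLowerCase())
  );
  if (values.size !== 1) return 'cross-origin';     // missing or conflicting: flag it
  if (values.has('deny')) return 'deny';
  if (values.has('sameorigin')) return 'same-origin';
  return 'cross-origin';                            // e.g. obsolete ALLOW-FROM
}

function framingPolicy(headers) {
  const lists = frameAncestorsLists(headers['content-security-policy']);
  // When frame-ancestors is present, browsers use it in place of X-Frame-Options.
  if (lists.length === 0) return classifyXfo(headers['x-frame-options']);
  // Every policy must allow the embedder, so the strictest one decides.
  return lists.map(classifySources).reduce((a, b) => (RANK[a] >= RANK[b] ? a : b));
}

// Constructed sample: a response that sets neither header can be framed by anyone.
console.log(framingPolicy({ 'content-type': 'text/html' })); // cross-origin
```

A result of `cross-origin` on a page that shows user-specific data means a cross-origin site can still load that page in an iframe.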

I am a user. Should I be worried?

Under most circumstances, probably not. Most sensitive websites already deny being embedded by cross-origin websites. As a result, they are not vulnerable to the pixel stealing attack we mounted using GPU.zip. However, some websites remain vulnerable. For example, if a user who is logged into Wikipedia visits a malicious webpage, that webpage can exploit GPU.zip to learn the user’s Wikipedia username (as we demonstrate in Section 5.4 of the paper).

What makes GPU.zip different from prior compression side channels?

GPU.zip exploits software-transparent uses of compression. This is in contrast to prior compression side channels, which leak because of software-visible uses of compression and can be mitigated by disabling compression in software. For a more detailed explanation, we refer to the paper.

What exactly is GPU graphical data compression?

GPU graphical data compression is a feature of modern GPUs used to save memory bandwidth and improve performance without any software involvement. Specifically, modern GPUs compress graphical data losslessly even when software does not request any compression.

Interestingly, the algorithms used by GPUs for graphical data compression vary across vendors and microarchitectures. Check out the paper for a reverse engineering of several proprietary compression algorithms used by Intel and AMD.

When did you disclose GPU.zip?

We disclosed our findings and proof-of-concept code to GPU vendors (AMD, Apple, Arm, Intel, Nvidia, and Qualcomm) and to Google in March 2023.

Do GPU vendors plan to patch?

As of September 2023, no GPU vendor has committed to patching.

Does Chrome plan to patch?

As of September 2023, Google is still deciding whether and how to patch.

What about other browsers?

Chrome is vulnerable to the pixel stealing attack demonstrated in the paper because it satisfies the following three criteria:

  1. It allows cross-origin iframes to be loaded with cookies.
  2. It allows rendering SVG filters on iframes.
  3. It delegates rendering tasks to the GPU.

Other browsers, like Firefox and Safari, do not meet all these criteria and are therefore not vulnerable.

Yes. The GPU.zip logo is free to use under a CC0 license.

Did you release the source code of GPU.zip?

Yes, you can find the source code at https://github.com/UT-Security/gpu-zip