A group of researchers from several US universities has developed a new attack method that extracts visual information processed by the GPU through a side channel. The method, called GPU.zip, lets an attacker determine what is displayed on a screen. The researchers demonstrated that even a malicious page opened in Chrome can obtain information about the pixels displayed while another web page is being drawn in the same browser.
The leak is caused by an optimization in modern GPUs that compresses graphical data. The problem affects all tested integrated GPUs (AMD, Apple, ARM, Intel, Qualcomm) and discrete NVIDIA graphics cards. Notably, the researchers found that integrated GPUs from Intel and AMD always use data compression, whether or not the application requests it. This compression introduces correlations between the processed data, the DRAM traffic and the cache load, which makes it possible to reconstruct the original data through side-channel analysis.
The method is slow, however. For instance, on a system with an AMD Ryzen 7 4800U and its integrated GPU, it took 30 minutes to determine the name the user entered on Wikipedia in another tab, with a pixel accuracy of 97%. On systems with an Intel i7-8700 and its integrated GPU, a similar attack required 215 minutes to achieve a pixel accuracy of 98%.
When the attack is carried out through a web browser, the target site is loaded repeatedly in an iframe to trigger the drawing process. The researchers apply an SVG filter to the displayed iframe and sequentially overlay masks that contribute to compression but do not add excessive redundancy, which lets them determine the processed information. By measuring changes in rendering time against reference samples, they can tell whether the pixel at a given position is dark or light and reconstruct the overall image by checking each pixel in turn.
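The browser variant described above depends on the target page being rendered inside an iframe on another site. As an added example (not code from the researchers or the article), this Python sketch classifies which responses a third-party page could still embed, based on their `X-Frame-Options` and CSP `frame-ancestors` headers. The paths, header values and `partner.example` origin are constructed for illustration.

```python
ORDER = ["deny", "same-origin", "allowlist", "any"]  # strictest first

def classify_ancestors(sources):
    """Map a frame-ancestors source list to a policy label."""
    sources = [s.lower() for s in sources]
    if not sources or sources == ["'none'"]:
        return "deny"
    if sources == ["'self'"]:
        return "same-origin"
    if any(s in ("*", "http:", "https:") for s in sources):
        return "any"
    return "allowlist"

def framing_policy(headers):
    """Return 'deny', 'same-origin', 'allowlist' or 'any' for one response."""
    h = {k.lower(): v for k, v in headers.items()}
    found = []
    # A comma-joined header value carries several policies; all are enforced.
    for policy in h.get("content-security-policy", "").split(","):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                found.append(classify_ancestors(parts[1:]))
                break  # only the first occurrence in a policy counts
    if found:
        # frame-ancestors, when present, overrides X-Frame-Options.
        return min(found, key=ORDER.index)
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return "deny"
    if xfo == "sameorigin":
        return "same-origin"
    return "any"  # absent or unrecognised values (e.g. ALLOW-FROM) give no protection

# Constructed sample responses (hypothetical paths, not taken from the article).
SAMPLES = {
    "/account": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "/profile": {"X-Frame-Options": "SAMEORIGIN"},
    "/widget": {"Content-Security-Policy": "frame-ancestors https://partner.example", "X-Frame-Options": "DENY"},
    "/search": {"Content-Security-Policy": "default-src 'self'"},
    "/legacy": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
}

def audit(samples):
    """Return the paths an arbitrary third-party page could still embed."""
    return sorted(p for p, hdrs in samples.items() if framing_policy(hdrs) == "any")

if __name__ == "__main__":
    print("embeddable by any origin:", audit(SAMPLES))
```

When several policies are present, the label is the strictest single policy, which is an approximation of their combined effect.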