A new type of side-channel attack has been discovered that can exploit the power, temperature and frequency of CPUs and GPUs to steal sensitive information. The attack, dubbed “Hot Pixel”, was demonstrated by a team of security researchers funded by DARPA and the US Air Force on various devices, including Apple’s M1 and M2 chips, Qualcomm’s Snapdragon 8 Gen 1, Google’s Tensor processor, and Nvidia and AMD GPUs.
Side-channel attacks are a class of attacks that use physical signals emitted by a computer, such as power consumption, electromagnetic radiation, sound or heat, to infer what the computer is doing or processing. These attacks can bypass traditional software-based security measures and require either external equipment or software access to the target device.
Hot Pixel is a novel side-channel attack that uses software to monitor the internal sensors of CPUs and GPUs that measure power, temperature and frequency. These sensors are used by a mechanism called Dynamic Voltage and Frequency Scaling (DVFS), which adjusts the voltage and frequency of the chip in real time to optimize performance and energy efficiency. DVFS is present on nearly all modern chips and is controlled by the chip’s P-state.
The researchers found that by forcing one of the three variables of DVFS (power, temperature or frequency) to be constant, they can observe the changes in the other two variables and correlate them with the instructions executed and the data processed by the chip. This allows them to perform various types of attacks, such as website fingerprinting, pixel stealing and history sniffing.
Website fingerprinting is an attack that can identify which website a user is visiting by analyzing the network traffic patterns. Pixel stealing is an attack that can reconstruct the pixels displayed on the user’s screen by measuring the power consumption of the GPU. History sniffing is an attack that can infer the user’s browsing history by detecting whether a website has been visited before based on the cache state.
The researchers demonstrated these attacks using JavaScript code running in a browser on Chrome and Safari, with all side-channel mitigations enabled. They were able to steal data from Arm CPUs from Apple and Qualcomm, as well as discrete GPUs from Nvidia and AMD and integrated graphics in Intel and Apple chips.
The researchers claim that their attack methods are proof-of-concept and that the data exfiltration rates are very low with the current technique. However, they also warn that further work could improve the speed and accuracy of the attacks, and that this is how many side-channel attacks evolve over time.
The researchers suggest some possible countermeasures to mitigate Hot Pixel attacks, such as adding noise or randomization to the DVFS mechanism, limiting or disabling access to the internal sensors, or implementing hardware or software isolation between different processes.
Relevant articles:
– Hot Pixels: Frequency, Power, and Temperature Attacks on GPUs and Arm SoCs, arXiv.org, 27 May 2023
– ‘Hot Pixel’ Attack Steals Data From Apple, Intel, Nvidia, and AMD Chips via Frequency, Power and Temperature Info, Tom’s Hardware, 27 May 2023
– DF-SCA: Dynamic Frequency Side Channel Attacks are Practical, arXiv.org, 28 May 2023