The team (consisting of two computer science professors and two PhD students) reverse-engineered an Nvidia GPU and demonstrated three separate side-channel attacks. The attacks targeted both the computational and graphics stacks, and the team believes these to be the first ever side-channel attacks designed to work on GPUs.
All three of the newly discovered attacks exploit the counters in the GPU, which are used for performance tracking and are available in user mode. This is significant because it means that anyone has access to them. All three also require the victim to download a piece of malware that spies on the user’s system and sends information back to the hacker executing the attack.
The first of the three attacks tracks a user’s internet activity and is made possible because GPUs are used to render graphics in web browsers. The attack is executed when a poisoned app uses OpenGL to infer browser behavior as the browser uses the resources of the GPU.
The second attack allows the hacker to glean password information, because GPU resources are used to render the login box on the user’s screen. By monitoring memory allocations in the chip, a hacker can identify the specific keys pressed when entering a password.
The third attack targets computational applications, specifically neural network architecture. Its main purpose is to sniff out and steal neural network algorithms.
In terms of defending against these attacks, there’s good news and bad news. Turning off user mode access to the counters is a viable defense, but unfortunately, many applications rely on that functionality. Turning it off will cause a number of programs (that you probably need) to stop working. Ultimately then, GPU manufacturers are going to need to engineer a fix in much the same way that Intel did for their impacted CPUs.
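One way to audit the defense described above on a Linux host, as an added example that is not from the article or the researchers. It assumes the proprietary NVIDIA Linux driver, whose `RmProfilingAdminOnly` entry in `/proc/driver/nvidia/params` and `NVreg_RestrictProfilingToAdminUsers` module option are not mentioned in the article; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether GPU performance counters are limited to admin users.
# Assumption: proprietary NVIDIA driver on Linux. The live setting appears as
# "RmProfilingAdminOnly" in /proc/driver/nvidia/params and is configured with the
# module option NVreg_RestrictProfilingToAdminUsers in /etc/modprobe.d/*.conf.

# counter_access_state [FILE] -> prints restricted | unrestricted | unknown
counter_access_state() {
    params_file=${1:-/proc/driver/nvidia/params}
    # No readable params file means no NVIDIA driver is loaded (or no access).
    [ -r "$params_file" ] || { echo unknown; return 0; }
    value=$(awk -F': *' '$1 == "RmProfilingAdminOnly" { print $2; exit }' "$params_file")
    case "$value" in
        1) echo restricted ;;      # counters need admin privileges
        0) echo unrestricted ;;    # any user-mode process can read them
        *) echo unknown ;;         # older driver without this parameter
    esac
}

# configured_option [DIR] -> prints the last value (0 or 1) set in DIR/*.conf, or "unset"
configured_option() {
    conf_dir=${1:-/etc/modprobe.d}
    found=$(sed -n 's/^[[:space:]]*options[[:space:]]\{1,\}nvidia[[:space:]].*NVreg_RestrictProfilingToAdminUsers=\([01]\).*/\1/p' \
        "$conf_dir"/*.conf 2>/dev/null | tail -n 1) || true
    echo "${found:-unset}"
}

# report [PARAMS_FILE] [CONF_DIR] -> prints both findings; succeeds only when
# the running driver restricts the counters to admin users.
report() {
    state=$(counter_access_state "$1")
    option=$(configured_option "$2")
    echo "live driver state: $state; modprobe option: $option"
    [ "$state" = restricted ]
}

# Usage on a real host (default paths): report || echo "counters readable in user mode"
```

A mismatch between the two values usually means the option was changed but the driver module has not been reloaded yet. As the paragraph above notes, restricting the counters stops profiling tools from working for non-admin users.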
No instances of these types of attacks have been seen in the wild to this point, but now that the word is out, it’s just a matter of time. 2019 stands to be a brutal year until and unless a fix is found and pushed out.