Bad news for computer users everywhere

Researchers at the University of California in Riverside have discovered that GPUs (Graphics Processing Units) are vulnerable to side-channel attacks like Spectre and Meltdown, which have been plaguing Intel CPU's for the better part of a year.

The team, (consisting of two computer science professors and two Ph.D. students) reverse-engineered an Nvidia GPU and demonstrated three separate side-channel attacks. The attacks targeted both computational and graphics stacks, believing these to be the first ever side-channel attacks designed to work on GPUs.

Three new hacks of GPUs

All three of the newly discovered attacks exploit the user counter in the GPU, which is used for performance tracking and are available in user mode. This is significant because it means that literally, anyone has access to them.  All three also require the victim to download a piece of malware designed to spy on the user's system to provide information back to the hacker executing the attack.

The first of the three attacks tracks a user's internet activity and is made possible because GPUs are used to render graphics in web browsers.  The attack is executed when a poisoned app utilizes OpenGL to infer browser behavior as it utilizes the resources of the GPU.

The second attack allows the hacker to glean password information because GPU resources are used to render the login box on the user's screen.  By monitoring memory allocations in the chip, a hacker can identify the specific keys pressed when entering a password.

The third attack targets computational applications and is designed to target neural network architecture.  Its main purpose is to sniff out and steal neural network algorithms.

In terms of defending against these attacks, there's good news and bad news.  Turning off user-mode access to the counters is a viable defense, but unfortunately, many applications rely on that functionality. Turning it off will cause a number of programs (that you probably need) to stop working.  Ultimately then, GPU manufacturers are going to need to engineer a fix in much the same way that Intel did for their impacted CPUs.

Our perspective

No instances of these types of attacks have been seen in the wild to this point, but now that the word is out, it's just a matter of time.  2019 stands to be a brutal year until and unless a fix is found and pushed out.


The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Denis S Wilson

I am President and Principal Consultant for DWP Information Architects: specializing in managed IT support for smaller healthcare practices, clinics, insurance companies, law firms, and construction companies in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance.

I am also a published author and speaker, working extensively with organizations that include: the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. As well as providing small business technology education programs through business and professional associations.

Contact me if you would like me to speak at your meeting.

Meanwhile, check out this report

Executive Report: 10 Hidden IT Risks That Might Threaten Your Business