GPUs can be Used to Steal Passwords and Leak Data From Cloud Instances

Discussion in 'HardForum Tech News' started by AlphaAtlas, Nov 7, 2018.

  1. AlphaAtlas

    AlphaAtlas [H]ard|Gawd Staff Member

    Messages:
    1,713
    Joined:
    Mar 3, 2018
    Researchers from The University of California, Riverside, published a paper detailing how an Nvidia GPU can be used to orchestrate a variety of attacks. In one attack, the researchers fed GPU memory allocation and performance counter data to a "machine learning based classifier," which accurately identified websites the victim was browsing. Other exploits were able to steal password information, or steal data from shared cloud instances. The research was tested with a Tesla K40, a Geforce GTX 745 and a Titan V, but the researchers noted that other Nvidia and AMD GPUs have similar performance counters. The exploits require a malicious application to be downloaded and run first, and Nvidia is already working on an option patch to disable the performance counters used in the attacks. They also sent a copy of the paper to AMD's and Intel's graphics departments, so that they can mitigate similar attacks. The full research paper is available for free.

    In the second attack, the authors extracted user passwords. Each time the user types a character, the whole password textbox is uploaded to GPU as a texture to be rendered. Monitoring the interval time of consecutive memory allocation events leaked the number of password characters and inter-keystroke timing, well-established techniques for learning passwords.

    The third attack targets a computational application in the cloud. The attacker launches a malicious computational workload on the GPU which operates alongside the victim’s application. Depending on neural network parameters, the intensity and pattern of contention on the cache, memory and functional units differ over time, creating measurable leakage. The attacker uses machine learning-based classification on performance counter traces to extract the victim’s secret neural network structure, such as number of neurons in a specific layer of a deep neural network.
     
  2. Meeho

    Meeho [H]ardness Supreme

    Messages:
    4,303
    Joined:
    Aug 16, 2010
    Reason no. 999 the Cloud™ was, is and forever will be shit.
     
  3. viper1152012

    viper1152012 [H]ard|Gawd

    Messages:
    1,025
    Joined:
    Jun 20, 2012
    So you just need to have a powerful workstation card attavhed to your personal pc running malicious script?

    3kYlDhD.jpg
     
    Master_shake_ likes this.
  4. /dev/null

    /dev/null [H]ardForum Junkie

    Messages:
    13,954
    Joined:
    Mar 31, 2001
    "The exploits require a malicious application to be downloaded and run first,"

    Well, if you manually install a trojan, you are going to get p0wned. Nothing to see here.
     
    dvsman, auntjemima and Armenius like this.
  5. Meeho

    Meeho [H]ardness Supreme

    Messages:
    4,303
    Joined:
    Aug 16, 2010
    True, but this doesn't require admin nor network access, so it's more sinister and harder to block or detect once it's run.
     
  6. /dev/null

    /dev/null [H]ardForum Junkie

    Messages:
    13,954
    Joined:
    Mar 31, 2001
    Lots of exploits don't require admin access to access <user data>. They only need to run as the user.
     
  7. Master_shake_

    Master_shake_ [H]ardForum Junkie

    Messages:
    8,622
    Joined:
    Apr 9, 2012
    the cloud.

    code word for someone else's computer.
     
    Crackinjahcs likes this.
  8. Meeho

    Meeho [H]ardness Supreme

    Messages:
    4,303
    Joined:
    Aug 16, 2010
    Yeah, but they have to somehow get the collected data out. This one doesn't show up as suspicious network activity.
     
  9. /dev/null

    /dev/null [H]ardForum Junkie

    Messages:
    13,954
    Joined:
    Mar 31, 2001
    I didn't see a mention of how they got the data out anywhere in the article. Just that if you installed malicious software they could get the data from the GPU by looking at what it is rendering. If they get you to install malicious software, there are WAY easier ways like keyloggers.
     
  10. Meeho

    Meeho [H]ardness Supreme

    Messages:
    4,303
    Joined:
    Aug 16, 2010
    As I understood it, another "spy" VM on the same cloud node can get sensitive data from the user's VM.
    It's not a super exploit, but it's another point of failure that comes from offloading your IT to someone elses computers that are shared by millions.
     
  11. /dev/null

    /dev/null [H]ardForum Junkie

    Messages:
    13,954
    Joined:
    Mar 31, 2001
    I think that when you put ANYTHING in the cloud, you understand that it's on a "shared" server. There have been all types of cpu, hypervisor, etc exploits. I'm not sure how this is special or surprising...?

    Edit: That also looks like it only applies to the (third attack) edge case of using web browsing & typing a password on a cloud server while using a GPU shared among guests.

    I'm not saying it shouldn't be fixed, but it's SUCH an edge case....
     
    ZeqOBpf6 likes this.
  12. umeng2002

    umeng2002 Gawd

    Messages:
    923
    Joined:
    May 23, 2008
  13. HammerSandwich

    HammerSandwich [H]ard|Gawd

    Messages:
    1,104
    Joined:
    Nov 18, 2004
    Seems that a PW manager automatically handles the inter-keystroke timing, and adding a few dummy character/backspace combos would fool the length guessing.