New side-channel attack, but this time with a twist.

Here's what most articles don't tell you about this vuln: it's low bit rate, meaning it would take about half an hour (I read somewhere--link below) to get a username/password. And you can't scroll at all during that time. Oh, also, it captures pixel data, which means since the vast majority of websites hide your password, the vuln can't actually *get* your password--instead, it'll get a string of 8 (or whatever) *s.

Here's Arse technica, showing some examples, requiring half an hour to get an 8-letter username on a Ryzen 4800U, or 215 minutes (not a typo) on an i7-8700.
 
95%+(being generous even with this) of these exploits will never affect majority of individual contributors nor companies. I talk security and data protection to massive enterprises, and the only thing on their mind is Ransomware and recovery. Indelibility of their backups, and identifying exfiltration of data, etc, etc. No CIO is losing sleep over some cpu/gpu/vmware/etc/etc exploit. It is just a checkbox to get fixed via update/firmware/etc at some point.

*edit grammar
 
95%+(being generous even with this) of these exploits will never affect majority of individual contributors nor companies. I talk security and data protection to massive enterprises, and the only thing on their mind is Ransomware and recovery. Indelibility of their backups, and identifying exfiltration of data, etc, etc. No CIO is losing sleep over some cpu/gpu/vmware/etc/etc exploit. It is just a checkbox to get fixed via update/firmware/etc at some point.
This is exactly what happened.
When I read about the Downfall attack on Intel CPUs, as we have some servers using Intel Xeon, I informed my IT team at the company and they said, relax. LMAO
 
I guess if you knew which part of the screen a static element was kept in and the person never swapped windows to something else.....heck, never opened a new tab......never moused over that section.....okay yeah, not practical even from that angle if I'm right. It's cool....but you're all correct, not quite practical unless there's a way to accelerate the process.
 
I guess if you knew which part of the screen a static element was kept in and the person never swapped windows to something else.....heck, never opened a new tab......never moused over that section.....okay yeah, not practical even from that angle if I'm right. It's cool....but you're all correct, not quite practical unless there's a way to accelerate the process.
Apparently the trick is to open a site in an invisible iframe or similar. And you have to know ahead of time what site you're opening, so you know where the userid/password boxes are on the page already, so it can't really be used to grab info from any old page you visit. So you have to visit a malicious site (or one that's been hacked already), and then stick around the half-hour or however long it takes for your GPU to scan said hidden iframe.
 