a security breach likely affects your graphics card

A major security flaw affects most graphics cards. Using the breach, called GPU.zip, hackers can steal sensitive information about Internet users, such as identifiers. Despite the risks, the makers have no plans to develop a patch…

Researchers from four American universities have discovered a serious security flaw in most graphics cards on the market. The Breach, titled GPU.zipaffects GPUs from AMD, Apple, Arm, Intel and Qualcomm.

According to the experts, it is therefore possible that the card in your device has indeed been affected. The vast majority of laptops, smartphones, tablets and desktops are likely to be affected.

Also read: Intel and “the fall” – billions of processors have a serious security flaw

Data theft via GPU

By exploiting this vulnerability, an attacker could steal private and sensitive information, such as usernames and passwords, without users' knowledge. This data can then be used to log into an online account or service, impersonating the user.

Specifically, the breach allows access “visual data processed by the graphics card”. Malicious websites can then search through this data and reconstruct all the collected pixels capture sensitive information about another website. In this case, this is about identification data.

To demonstrate their findings, the university's researchers conducted an attack using the Google Chrome browser. By exploiting GPU.zip, they managed to steal data, in the form of pixels, belonging to websites. The data is then reconstructed one pixel at a time. By using the flaw, the attacker actually bypasses a basic principle of computer security, which requires that data be isolated, safe from a potential hacker.

The problem of data compression

According to the researchers' report, the breach involves a very common mechanism in current graphics cards, “graphics data compression”. This system consists of data compression related to graphics or visualization using GPU computing power. Graphical data such as images or videos are then smaller and easier to manage.

This system makes it possible to improve performance… while opening a door of access for hackers. Indeed, this optimization “Creates a side channel that can be exploited by an attacker”. Through a browser, the GPU-compressed data can be played. The researchers behind the discovery explain:

“If a user logged in to Wikipedia visits a malicious website, that website can exploit GPU.zip to discover the username on Wikipedia”.

A corrective that is desirable

American experts report that they have warned AMD, Apple, Arm, Intel, Nvidia, Qualcomm and Google in March 2023. Several months later, it turns out thatno company bothered to develop a patch. Above all, no manufacturer has committed to addressing the problem, despite the warning. Only Google seems hesitant and is said to be “still deciding” whether GPU.zip is worth fixing.

“GPU vendors have largely refused to act. one said the side channel was not his responsibility.” sorry to the experts on the site dedicated to GPU.zip.

Fortunately, researchers clarify that the real threat is relatively minimal. Indeed, most websites are not susceptible to such an attack. However, “some websites remain vulnerable”, the report warns. In addition, very popular browsers such as Edge and Chrome are also affected. This is why they strongly encourage manufacturers to develop a fix as soon as possible.

🔴 To not miss any news from 01net, follow us on Google News and WhatsApp.



Leave a Reply

Your email address will not be published. Required fields are marked *