News 'Hot Pixel' Attack Steals Data From Apple and Nvidia Chips Using Frequency, Power and Temperature Info

InvalidError

Titan
Moderator
If you need software already running on the machine to exfiltrate data through a low-speed side-channel like heat output, power draw, blinking keyboard LEDs, etc., you have many other ways to do the job more efficiently such as whatever method was used to put the exfiltration software on there in the first place.
 
Software mitigation might also be possible.

They can "isolate" cookies from cross-origin iframes to mitigate some of these pixel-stealing attacks, so the content displayed in the iframe will not contain any sensitive or secret data. Safari already uses this, but for Google Chrome I think the devs are still considering using this.

Might require some change in HTML code standard though.

Preventing or stopping the SVG filters from being applied to the iframes or hyperlinks might help with pixel stealing, and other sniffing attacks IMO.
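A site-side check related to the mitigations in the post above, as an added example that is not part of the thread: it audits a response's headers for framing restrictions (`Content-Security-Policy: frame-ancestors`, `X-Frame-Options`) and for cookies that would still be sent inside a cross-site iframe. The function names and the sample header values are constructed for illustration.

```javascript
'use strict';

// Parse one Set-Cookie value into its name and the attributes relevant here.
function parseSetCookie(value) {
  const parts = value.split(';').map((p) => p.trim());
  const name = parts[0].split('=')[0];
  const attrs = new Map();
  for (const p of parts.slice(1)) {
    const i = p.indexOf('=');
    const key = (i === -1 ? p : p.slice(0, i)).toLowerCase();
    attrs.set(key, i === -1 ? '' : p.slice(i + 1).toLowerCase());
  }
  return { name, sameSite: attrs.get('samesite') || null };
}

// Return the frame-ancestors source list from a CSP header, or null if absent.
function frameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === 'frame-ancestors') return tokens.slice(1);
  }
  return null;
}

// headers: lower-cased header names; 'set-cookie' is an array of raw values.
function auditFraming(headers) {
  const findings = [];
  const fa = frameAncestors(headers['content-security-policy']);
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  // An empty frame-ancestors list matches no origin, same as 'none'.
  const cspOk = fa !== null && fa.every((s) => s === "'none'" || s === "'self'");
  const xfoOk = xfo === 'DENY' || xfo === 'SAMEORIGIN';
  if (!cspOk && !xfoOk) findings.push('page can be framed cross-origin');
  for (const raw of headers['set-cookie'] || []) {
    const c = parseSetCookie(raw);
    if (c.sameSite === 'none') {
      findings.push(`cookie ${c.name}: SameSite=None, sent in cross-site iframes`);
    } else if (c.sameSite === null) {
      findings.push(`cookie ${c.name}: no SameSite, depends on browser default`);
    }
  }
  return findings;
}

// Constructed sample responses (not captured from any real site).
const WEAK = { 'set-cookie': ['sid=abc123; Secure; HttpOnly; SameSite=None', 'theme=dark'] };
const HARDENED = {
  'content-security-policy': "default-src 'self'; frame-ancestors 'none'",
  'set-cookie': ['sid=abc123; Secure; HttpOnly; SameSite=Lax'],
};
console.log(auditFraming(WEAK), auditFraming(HARDENED));
```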
 

RichardtST

Notable
This is so completely ridiculous. I mean, it requires hostile software already running on the machine... The operator could memorize the data a few bytes at a time and write it down faster than the exfiltration rate! Not only that, but in this day and age, with cores and SBCs and everything else so cheap, if you have sensitive data on a machine where there are users that are not supposed to be accessing it... then YOU ARE THE PROBLEM. Data that needs to be separated needs to be on separate hardware. No ifs, ands, or buts. With the complexity of it all these days 100% separation on the same hardware is impossible. Forget it.
 

Atom Symbol

Distinguished
It isn't an unexpected result. It was assumed for quite some time that side-channel attacks via frequency, power or temperature measurements are possible in theory, and that only effort and focus from researchers is required to prove that it is possible in practice.

A much more interesting result would be to prove theoretically that reading the CPU's temperature over a sufficiently long period of time (such as: 1 million years) enables the reconstruction of the CPU's architecture and of the state of the CPU such as the values of registers and the contents of µop/L1/L2/L3 caches and buffers.
 

kjfatl

Reputable
Some of these techniques of stealing data seem like ridiculous wasted time for DOD funded researchers just sucking down our government's money. One of these techniques was able to extract one unencrypted byte of an encrypted computer program. Once the technique was understood, the process was automated allowing the entire program to be extracted one byte at a time.

In many cases the machine is air-gapped but the same encryption codes are used across multiple devices, and in some cases device types. Air-gapped is also a misnomer. There is always a way to bridge the gap. In some cases the 'bridge' involves a USB drive or service personnel who repair the hardware.
 

TechieTwo

Notable
This might be fine for someone with lots of time on their hands being paid by the gov'ment to hack somebody's computer but first they need to actually be able to access the computer. Anyone with a clue would be running security software/hardware which would make this hacking approach a dead end.
 

Deleted member 14196

Guest
I thought you were going to say ‘a dead pixel’ 😀
 

Hooda Thunkett

Prominent
If I were trying to exfiltrate data from a computer I could access without an administrator account that still allowed me to install malware, I would be looking for ways to escalate privileges and would completely skip this method entirely. It's an interesting scientific exercise with no real world application as presented.
 

USAFRet

Titan
Moderator
What is unclear about "proof of concept"?

This is not some actual hack protocol.
Rather, "We can begin to glean information via this interface."

Like, the very first time someone got a bit of audio, from a laser bounced off a window.
Or TEMPEST when it was new.
 

Friesiansam

Distinguished
Ridiculing this is stupid and complacent. Today's proof of concept could, in time, become an effective attack we all need to guard against. I am not saying that it will be effective in the future, only that it might be, but just dismissing it is idiotic.
 

InvalidError

Titan
Moderator
> Ridiculing this is stupid and complacent. Today's proof of concept could, in time, become an effective attack we all need to guard against. I am not saying that it will be effective in the future, only that it might be, but just dismissing it is idiotic.

If your computer is connected to the internet, there are infinite easier and faster ways to get data out. If the machine has any accessible USB ports, that is infinitely more practical than this "exploit" too.

How do you get your exfiltration software on the target PC in the first place? Without internet, USB or other means of directly putting the software on there, you'd need to type binary code in from the console or something from memory.
 

mavroxur

Distinguished
The attack also requires the system to be compromised to "tap" the data out using temp and power modulations. I mean, if you've already kicked in the front door of a house, are you going to pass the valuables up the chimney with a block and tackle system? Why not just go out the front door....
 

InvalidError

Titan
Moderator
> if you've already kicked in the front door of a house, are you going to pass the valuables up the chimney with a block and tackle system? Why not just go out the front door....

The only reason I can imagine is subtlety: if you didn't get caught breaking in to set up the house for slowly emptying, there is a chance nobody will notice stuff trickling out for a while, especially with data where the original remains behind so you aren't going to suspect your house has been compromised from stuff randomly disappearing.