Hackers can use the graphics processing unit to spy on web activity, steal passwords, and break into cloud-based applications

 ( kohinoor | 2018. november 7., szerda - 21:00 )

https://news.ucr.edu/articles/2018/11/05/new-attacks-graphics-processors-endanger-user-privacy

"All three attacks require the victim to first acquire a malicious program embedded in a downloaded app. The program is designed to spy on the victim’s computer."

"The first attack tracks user activity on the web. When the victim opens the malicious app, it uses OpenGL to create a spy to infer the behavior of the browser as it uses the GPU. Every website has a unique trace in terms of GPU memory utilization due to the different number of objects and different sizes of objects being rendered. This signal is consistent across loading the same website several times and is unaffected by caching."

"In the second attack, the authors extracted user passwords. Each time the user types a character, the whole password textbox is uploaded to GPU as a texture to be rendered. Monitoring the interval time of consecutive memory allocation events leaked the number of password characters and inter-keystroke timing, well-established techniques for learning passwords."

"The third attack targets a computational application in the cloud. The attacker launches a malicious computational workload on the GPU which operates alongside the victim’s application. Depending on neural network parameters, the intensity and pattern of contention on the cache, memory and functional units differ over time, creating measurable leakage. The attacker uses machine learning-based classification on performance counter traces to extract the victim’s secret neural network structure, such as number of neurons in a specific layer of a deep neural network."

"In the future the group plans to test the feasibility of GPU side channel attacks on Android phones."

http://www.cs.ucr.edu/~zhiyunq/pub/ccs18_gpu_side_channel.pdf

Hozzászólás megjelenítési lehetőségek

A választott hozzászólás megjelenítési mód a „Beállítás” gombbal rögzíthető.

Térjünk vissza a karakteres soros terminálokra!

=====
tl;dr
Egy-két mondatban leírnátok, hogy lehet ellopni egy bitcoin-t?

Szerintem gyujtsuk fel. Ami nincs azzal problema sincs. Neo ludditizmus. :)

"All three attacks require the victim to first acquire a malicious program embedded in a downloaded app. The program is designed to spy on the victim’s computer."

Szóval le kell guglizni a szetáp ekszét és adminként lefuttatni. Kérem kapcsolja ki.

--
debian,libreelec,openmediavault,ubuntu,windows,arch,lineageOS
zbook/elitebook/rpi3/nexus5_hammerhead