‘Hot Pixel’: New Attack Exploits Modern GPUs and SoCs to Steal Browsing History

A landmark collaboration between the University of Michigan, Ruhr University Bochum and Georgia Tech has discovered a pioneering cyberattack method dubbed "Hot Pixel," which targets the intricate relationship between graphic processing units (GPUs), modern system-on-a-chip (SoCs) and browser data.

The "Hot Pixel" attack marks a shift from traditional security vulnerabilities, as it exploits data-dependent computation times in GPUs and SoCs to exfiltrate information from Chrome and Safari browsers, even bypassing contemporary side-channel countermeasures.

The researchers based their discovery on the inherent challenges that modern processors face in managing power consumption and heat dissipation, especially at high execution speeds. This imbalance creates a unique digital fingerprint that can be detected and analyzed.

The "Hot Pixel" attack leverages these idiosyncrasies to infer a device's navigation history by extracting pixels from the content displayed in the target's browser. By studying behavioral variations of the processor under different browsing conditions, the attackers could quickly figure out the data being processed.

“The rendered image of a webpage may contain private information that should be isolated from scripts running on the page,” the technical paper reads. “Examples include embeddings of cross-domain content through the use of iframe elements, and the rendering of hyperlinks, which indicates whether they have been visited.”

Researchers experimented on several processors and GPUs in the Chrome and Safari web browsers. On Chrome, they could exfiltrate pixel-based data with an accuracy ranging from 60% to 94%; deciphering each pixel took between 8.1 and 22.4 seconds.

Safari’s anti-pixel-stealing policy prevents sending cookies to iframe elements if their origin differs from the attacker’s parent page. However, the researchers discovered that attackers can still exfiltrate the victim’s browsing history by planting URLs to sensitive pages on their site. Since links are displayed differently if they’ve been previously accessed, attackers could easily determine if their victim has accessed a specific address.

The researchers propose a series of steps to prevent Hot Pixel-like attacks, including:

• Limit thermally constrained devices
• Enforce hardware-based limitations (run systems below their thermal budgets)
• Isolate cookies from cross-origin iframes, stripping iframes-displayed content of secrets
• Remove unprivileged access to sensor readings (OS-level mitigation)