(Press-News.org) Modern websites place ever greater demands on the computing power of computers. For this reason, web browsers have also had access to the computing capacities of the graphics card (Graphics Processing Unit or GPU) in addition to the CPU of a computer for a number of years. The scripting language JavaScript can utilise the resources of the GPU via programming interfaces such as WebGL and the new WebGPU standard. However, this harbours risks. Using a website with malicious JavaScript, researchers from the Institute of Applied Information Processing and Communications at Graz University of Technology (TU Graz) were able to spy on information about data, keystrokes and encryption keys on other people’s computers in three different attacks via WebGPU.
An appeal to the browser manufacturers
WebGPU is currently still under active development, but browsers such as Chrome, Chromium, Microsoft Edge and Firefox Nightly versions already support it. Thanks to its greater flexibility and modernised design compared to WebGL, the interface will be widely used in the coming years. “Our attacks do not require users to interact with a website and they run in a time frame that allows them to be carried out during normal internet surfing. With our work, we want to clearly point out to browser manufacturers that they need to deal with access to the GPU in the same way as with other resources that affect security and privacy,” says Lukas Giner from the Institute of Applied Information Processing and Communications at TU Graz.
The research team carried out its attacks on several systems in which different graphics cards from NVIDIA and AMD were installed – the NVIDIA cards used were from the GTX 1000 series and the RTX 2000, 3000 and 4000 series, while the AMD cards used were from the RX 6000 series. For all three types of attack, the researchers used the access to the computer’s cache memory available via WebGPU, which is intended for particularly fast and short-term data access by the CPU and GPU. This side channel provided them with meta-information that allowed them to draw conclusions about security-relevant information.
Changes in the cache as an indicator
The team was able to track changes in the cache by filling it themselves using code in the JavaScript via WebGPU and monitoring when their own data was removed from the cache by input. This made it possible to analyse the keystrokes relatively quickly and accurately. By segmenting the cache more finely, the researchers were also able to use a second attack to set up their own secret communication channel, in which filled and unfilled cache segments served as zeros and ones and thus as the basis for binary code. They used 1024 of these cache segments and achieved transfer speeds of up to 10.9 kilobytes per second, which was fast enough to transfer simple information. Attackers can use this channel to extract data that they were able to attain using other attacks in areas of the computer that are disconnected from the internet.
The third attack targeted AES encryption, which is used to encrypt documents, connections and servers. Here, too, they filled up the cache, but with their own AES encryption. The reaction of the cache enabled them to identify the places in the system that are responsible for encryption and access the keys of the attacked system. “Our AES attack would probably be somewhat more complicated under real-time conditions because many encryptions run in parallel on a GPU,” says Roland Czerny from the Institute of Applied Information Processing and Communications at TU Graz. “Nevertheless, we were able to demonstrate that we can also attack algorithms very precisely. We did of course communicate the findings of our work to the browser manufacturers in advance and we hope that they will take this issue into account in the further development of WebGPU.”
The research work and accompanying paper will be presented at the ACM Asia Conference on Computer and Communications Security from 1 to 5 July in Singapore.
This research topic is anchored in the Field of Expertise Information, Communication & Computing, one of the five strategic research foci at TU Graz.
END
Security vulnerability in browser interface allows computer access via graphics card
Researchers at Graz University of Technology were successful with three different side-channel attacks on graphics cards via the WebGPU browser interface. The attacks were fast enough to succeed during normal surfing behavior
2024-04-15
ELSE PRESS RELEASES FROM THIS DATE:
Physical activity reduces stress-related brain activity to lower cardiovascular disease risk
2024-04-15
Key Takeaways
Results from a new study indicate that physical activity may help protect against cardiovascular disease in part by reducing stress-related brain activity
This effect in the brain may help to explain why study participants with depression (a stress-related condition) experienced the greatest cardiovascular benefits from physical activity.
BOSTON – New research indicates that physical activity lowers cardiovascular disease risk in part by reducing stress-related signaling in the brain.
In the study, which was led by investigators at Massachusetts General Hospital (MGH), a founding member of the Mass General Brigham healthcare ...
Inaugural International COSPAR Planetary Protection Week: Set to inspire global collaboration in London
2024-04-15
With an increasing number of space missions targeting various celestial bodies, including Mars, Europa, and the Moon, the importance of maintaining the integrity of these environments while protecting our own biosphere has never been greater. The ICPPW will serve as a platform for promoting international collaboration and knowledge exchange on best practice in planetary protection.
The event will feature a range of sessions, meetings, as well as panel discussions, covering key topics such as the current and ...
A quarter of deaths among young adults in Canada were opioid related in 2021
2024-04-15
Premature deaths related to opioids doubled between 2019 and 2021 across Canada, with more than 1 in 4 deaths among young adults aged 20–39 years attributable to opioids, according to new research published in CMAJ (Canadian Medical Association Journal) https://www.cmaj.ca/lookup/doi/10.1503/cmaj.231339.
Opioid-related deaths have continued to increase over the past decade across Canada, with 6222 deaths occurring in 2021. This trend worsened during the COVID-19 pandemic, although the scale and rapidity of increases varied across provinces and territories. ...
Severe morning sickness: how to diagnose and treat
2024-04-15
Severe morning sickness in pregnancy, known medically as hyperemesis gravidarum, can negatively affect both maternal and infant health. A review published in CMAJ (Canadian Medical Association Journal) https://www.cmaj.ca/lookup/doi/10.1503/cmaj.221502 provides information to clinicians on the causes, diagnosis, and treatment of the condition.
Although nausea and vomiting are common in pregnancy, affecting as many as 70% of pregnancies, severe vomiting and nausea can prevent people from eating and drinking sufficiently, leading to weight loss and ...
Digging up new species of Australia and New Guinea’s giant fossil kangaroos
2024-04-15
Palaeontologists from Flinders University have described three unusual new species of giant fossil kangaroo from Australia and New Guinea, finding them more diverse in shape, range and hopping method than previously thought.
The three new species are of the extinct genus Protemnodon, which lived from around 5 million to 40,000 years ago – with one about double the size of the largest red kangaroo living today.
The research follows the discovery of multiple complete fossil kangaroo skeletons from Lake Callabonna in arid South Australia in 2013, 2018 and 2019. These extraordinary fossils allowed lead researcher ...
Carbon beads help restore healthy gut microbiome and reduce liver disease progression
2024-04-15
Innovative carbon beads, invented by researchers at UCL, reduce bad bacteria and inflammation in animal models, which are linked to liver cirrhosis and other serious health issues.
The study, published in Gut, found that the carbon beads, licensed to UCL-spinout Yaqrit, were effective in restoring gut health and had a positive impact on liver, kidney and brain function in rats and mice. They were also found to be safe for human use.
The next step will be to see if the same benefits can be realised in humans, which would ...
School suspensions and exclusions put vulnerable children at risk
2024-04-15
Managing problematic student behaviour is one of the most persistent, challenging, and controversial issues facing schools today. Yet despite best intentions to build a more inclusive and punitive-free education system, school suspensions and expulsions remain.
Now, new research from the University of South Australia shows that exclusionary practices not only fail to identify the deep-rooted causes of challenging student behaviours but exacerbate negative issues rather than resolve them.
Lead researcher, UniSA’s Professor Anna Sullivan, says schools face difficult decisions around ...
Tuberculosis can have a lasting impact on the lung health of individuals who have been successfully treated for the disease
2024-04-15
Finding strongly indicates that post-TB lung disease is an under-recognised global challenge, UK researchers say
**Note: the release below is a special early release from the ESCMID Global Congress (formerly ECCMID, Barcelona, Spain, 27-30 April). Please credit the congress if you use this story**
**ECCMID has now changed name to ESCMID Global, please credit ESCMID Global Congress in all future stories**
New research being presented at this year’s ESCMID Global Congress (formerly ECCMID) in Barcelona, Spain (27-30 ...
Untangling dreams and our waking lives
2024-04-14
Sunday, April 14, 2024 - Toronto - “Dreams are messages from the deep.” (Dune Part 1) Musings about dreams abound throughout society, from movies to TV to books. But despite being a constant source of fascination, the role of dreams in our lives still remains elusive. As recently noted in the TV show Grey’s Anatomy: “Honestly, no one knows why we dream or why we have nightmares.” While true, neuroscientists are finding innovative new ways to study dreams and how they influence our cognition.
“Understanding how dreams are generated and what their function might be — if any — is one of science's ...
Important health information missing in online food delivery menus
2024-04-14
A University of Sydney study investigating menu items on major online food delivery outlets and applications (apps) in Australia has found most advertised items are missing nutritional information that would otherwise help consumers make healthy choices.
Researchers say the findings show this information is largely absent or poorly provided on online food retail platforms and menu labelling laws need to keep up with increasing demand of online food delivery services.
The 2011 New South Wales Menu Labelling Scheme require large fast-food outlets to display both the average energy content (as Kilojoules) on menu items and the reference statement ‘the ...
LAST 30 PRESS RELEASES:
Soccer heading damages brain regions affected in CTE
Autism and neural dynamic range: insights into slower, more detailed processing
AI can predict study results better than human experts
Brain stimulation effectiveness tied to learning ability, not age
Making a difference: Efficient water harvesting from air possible
World’s most common heart valve disease linked to insulin resistance in large national study
Study unravels another piece of the puzzle in how cancer cells may be targeted by the immune system
Long-sought structure of powerful anticancer natural product solved by integrated approach
World’s oldest lizard wins fossil fight
Simple secret to living a longer life
Same plant, different tactic: Habitat determines response to climate
Drinking plenty of water may actually be good for you
Men at high risk of cardiovascular disease face brain health decline 10 years earlier than women
Irregular sleep-wake cycle linked to heightened risk of major cardiovascular events
Depression can cause period pain, new study suggests
Wistar Institute scientists identify important factor in neural development
New imaging platform developed by Rice researchers revolutionizes 3D visualization of cellular structures
To catch financial rats, a better mousetrap
Mapping the world's climate danger zones
Emory heart team implants new blood-pumping device for first time in U.S.
Congenital heart defects caused by problems with placenta
Schlechter named Cancer Moonshot Scholar
Two-way water transfers can ensure reliability, save money for urban and agricultural users during drought in Western U.S., new study shows
New issue of advances in dental research explores the role of women in dental, clinical, and translational research
Team unlocks new insights on pulsar signals
Great apes visually track subject-object relationships like humans do
Recovery of testing for heart disease risk factors post-COVID remains patchy
Final data and undiscovered images from NASA’s NEOWISE
Nucleoporin93: A silent protector in vascular health
Can we avert the looming food crisis of climate change?
[Press-News.org] Security vulnerability in browser interface allows computer access via graphics cardResearchers at Graz University of Technology were successful with three different side-channel attacks on graphics cards via the WebGPU browser interface. The attacks were fast enough to succeed during normal surfing behavior