A team of security researchers funded in part by DARPA and the US Air Force has demonstrated tactics that allowed them to steal data from Arm CPUs from Apple and Qualcomm, and also from discrete GPUs from Nvidia and AMD and integrated graphics in Intel and Apple chips, by monitoring chip temperature, power, and frequency during normal operation. The attack requires data from the PC's internal power, temp, and frequency sensors, but this information can be accessed from local user accounts that don't have administrator access. In this manner, an unprivileged user could gain access to privileged data.
The researchers' current attack methods serve as a proof of concept, but luckily data exfiltration rates are very low with the current method, and if a user had direct access to the system, such as required here, they would likely target easier attack surfaces. However, the researchers note that further work could speed up the process, and this is typically how a broad class of attacks begin to be exploited -- a proof of concept proving that the tactic works, and then rapid acceleration by other researchers and/or nefarious actors.
The researchers' paper, 'Hot Pixels: Frequency, Power, and Temperature Attacks on GPUs and Arm SoCs [PDF],' demonstrates using a side-channel attack, which is a type of attack that allows exfiltrating data by measuring certain physical emissions of a computer.
In this case, the researchers leveraged the information exposed by the Dynamic Voltage and Frequency Scaling (DVFS) mechanism that is present on nearly all modern chips. DVFS modulates frequency and power in real-time to keep heat and TDP at acceptable levels, therefore unlocking either the best power efficiency or the best performance for the currently running task on the processor. This is controlled by the chips' P-state, which the researchers used to gather data.
By forcing one of the three variables of DVFS (heat, power, or frequency) to become a constant, the researchers can then monitor the other two variables to distinguish which instructions are being executed, even with enough precision to ascertain the different operands of the same instruction.
Ultimately, this furthers other attack methods, like website fingerprinting. Additionally, by monitoring frequency throttling via a Javascript code running in a browser, the researchers used pixel-stealing and history-sniffing attacks with the latest versions of Chrome and Safari despite all side-channel mitigations being enabled.
Here we can see some of the monitoring work the researchers did to observe the DVFS variables on Apple's M1 and M2, the Qualcomm Snapdragon 8 Gen 1, and the Google Tensor processor. As you can see in the slides, the researchers were able to accurately map different types of instructions, such as MUL, ADD, FMUL, and AES, to certain points on each of the frequency, power, and temperature curves. This opens up other attack vectors.
The researchers note that some chips leak data through the power and frequency data because they are attempting to satisfy thermal constraints, while other chips leak data through variable power and thermal data because they run at a fixed frequency. Both types of operation are vulnerable to these attack methods.
In the above slides, we can see some of the tests used to exfiltrate data from the AMD Radeon RX 6000 and Nvidia RTX 3060 discrete GPUs, Apple's integrated GPU present on the M1 and M2, and Intel's Iris XE integrated graphics.
The researchers note that the speed of data exfiltration is currently limited to 0.1 bits per second but can be optimized with future work. Also, thermally constrained devices can take a 'considerable' amount of time to reach a steady state. Additionally, using an API block for temperature and frequency metrics could hinder the attack, and adding active cooling for devices that are typically passive, like the Apple M1 SoC, could also mitigate the attack.
The USAF, DARPA, and NSF, among others, including gifts from Qualcomm and Cisco, funded the work, but the authors say the views in the paper should not be considered the views of the US government.
The researchers engaged in responsible disclosure practices and notified Apple, Nvidia, AMD, Qualcomm, Intel, and the Google Chrome team. The paper states that all vendors have acknowledged the issues described in the paper. We aren't aware of any mitigations for the attacks yet, but we will follow up with the vendors and update as necessary.
