'Hot Pixel' Attack Steals Data From Apple, Intel, Nvidia, and AMD Chips via Frequency, Power and Temperature Info

Apple M1 Max
(Image credit: Apple)

A team of security researchers funded in part by DARPA and the US Air Force has demonstrated tactics that allowed them to steal data from Arm CPUs from Apple and Qualcomm, and also from discrete GPUs from Nvidia and AMD and integrated graphics in Intel and Apple chips, by monitoring chip temperature, power, and frequency during normal operation. The attack requires data from the PC's internal power, temp, and frequency sensors, but this information can be accessed from local user accounts that don't have administrator access. In this manner, an unprivileged user could gain access to privileged data.

The researchers' current attack methods serve as a proof of concept, but luckily data exfiltration rates are very low with the current method, and if a user had direct access to the system, such as required here, they would likely target easier attack surfaces. However, the researchers note that further work could speed up the process, and this is typically how a broad class of attacks begin to be exploited -- a proof of concept proving that the tactic works, and then rapid acceleration by other researchers and/or nefarious actors.

The researchers' paper, 'Hot Pixels: Frequency, Power, and Temperature Attacks on GPUs and Arm SoCs [PDF],' demonstrates using a side-channel attack, which is a type of attack that allows exfiltrating data by measuring certain physical emissions of a computer.

In this case, the researchers leveraged the information exposed by the Dynamic Voltage and Frequency Scaling (DVFS) mechanism that is present on nearly all modern chips. DVFS modulates frequency and power in real-time to keep heat and TDP at acceptable levels, therefore unlocking either the best power efficiency or the best performance for the currently running task on the processor. This is controlled by the chips' P-state, which the researchers used to gather data.

By forcing one of the three variables of DVFS (heat, power, or frequency) to become a constant, the researchers can then monitor the other two variables to distinguish which instructions are being executed, even with enough precision to ascertain the different operands of the same instruction.

Ultimately, this furthers other attack methods, like website fingerprinting. Additionally, by monitoring frequency throttling via a Javascript code running in a browser, the researchers used pixel-stealing and history-sniffing attacks with the latest versions of Chrome and Safari despite all side-channel mitigations being enabled.

Here we can see some of the monitoring work the researchers did to observe the DVFS variables on Apple's M1 and M2, the Qualcomm Snapdragon 8 Gen 1, and the Google Tensor processor. As you can see in the slides, the researchers were able to accurately map different types of instructions, such as MUL, ADD, FMUL, and AES, to certain points on each of the frequency, power, and temperature curves. This opens up other attack vectors. 

The researchers note that some chips leak data through the power and frequency data because they are attempting to satisfy thermal constraints, while other chips leak data through variable power and thermal data because they run at a fixed frequency. Both types of operation are vulnerable to these attack methods. 

In the above slides, we can see some of the tests used to exfiltrate data from the AMD Radeon RX 6000 and Nvidia RTX 3060 discrete GPUs, Apple's integrated GPU present on the M1 and M2, and Intel's Iris XE integrated graphics. 

The researchers note that the speed of data exfiltration is currently limited to 0.1 bits per second but can be optimized with future work. Also, thermally constrained devices can take a 'considerable' amount of time to reach a steady state. Additionally, using an API block for temperature and frequency metrics could hinder the attack, and adding active cooling for devices that are typically passive, like the Apple M1 SoC, could also mitigate the attack.

The USAF, DARPA, and NSF, among others, including gifts from Qualcomm and Cisco, funded the work, but the authors say the views in the paper should not be considered the views of the US government.

The researchers engaged in responsible disclosure practices and notified Apple, Nvidia, AMD, Qualcomm, Intel, and the Google Chrome team. The paper states that all vendors have acknowledged the issues described in the paper. We aren't aware of any mitigations for the attacks yet, but we will follow up with the vendors and update as necessary. 

Paul Alcorn
Managing Editor: News and Emerging Tech

Paul Alcorn is the Managing Editor: News and Emerging Tech for Tom's Hardware US. He also writes news and reviews on CPUs, storage, and enterprise hardware.

  • cyrusfox
    They are claiming to steal 0.1 bit per second with this technique... Good luck piecing anything meaningful together, this is an absurd technique and without multiple generations of exponential improvement it will remain an impractical paper exercise.
    Reply
  • InvalidError
    If you need software already running on the machine to exfiltrate data through a low-speed side-channel like heat output, power draw, blinking keyboard LEDs, etc., you have many other ways to do the job more efficiently such as whatever method was used to put the exfiltration software on there in the first place.
    Reply
  • Metal Messiah.
    Software mitigation might also be possible.

    They can "isolate" cookies from cross-origin iframes, to mitigate some of these pixel- stealing attacks, so the content displayed in iframe will not contain any sensitive or secret data. SAFARI already uses this, but for Google Chrome I think the devs are still considering using this.

    Might require some change in HTML code standard though.

    Preventing or stopping the SVG filters from being applied to the iframes or hyperlinks might help with pixel stealing, and other sniffing attacks IMO.
    Reply
  • RichardtST
    This is so completely ridiculous. I mean, it requires hostile software already running on the machine... The operator could memorize the data a few bytes at a time and write it down faster than the exfiltration rate! Not only that, but in this day and age, with cores and SBCs and everything else so cheap, if you have sensitive data on a machine where there are users that are not supposed to be accessing it... then YOU ARE THE PROBLEM. Data that needs to be separated needs to be on separate hardware. No ifs, ands, or buts. With the complexity of it all these days 100% separation on the same hardware is impossible. Forget it.
    Reply
  • Atom Symbol
    It isn't an unexpected result. It was assumed for quite some time that side-channel attacks via frequency, power or temperature measurements are possible in theory, and that only effort and focus from researchers is required to prove that it is possible in practice.

    A much more interesting result would be to prove theoretically that reading CPU's temperature over a sufficiently long period of time (such as: 1 million years) enables the reconstruction of the CPU's architecture and of the state of the CPU such as the values of registers and the contents of µop/L1/L2/L3 caches and buffers.
    Reply
  • bill001g
    Most machine where you would go to this level to spy on are already air gapped. The much larger problem is when you have to actually warn your employees to not put sensitive corporate data into chatgpt. Why bother with fancy spying tools when stupid people will just hand you the data.
    Reply
  • PEnns
    0.1 bit per second!!
    Ridiculous! Your tax money hard at work for such stupid results.
    Reply
  • kjfatl
    Some of these techniques of stealing data seem like ridiculous wasted time for DOD funded researchers just sucking down our government's money. One of these techniques was able to extract one unencrypted byte of an encrypted computer program. Once the technique was understood, the process was automated allowing the entire program to be extracted one byte at a time.

    In many cases the machine is air-gapped but the same encryption codes are used across multiple devices, and in some cases device types. Air-gapped is also a misnomer. There is always a way to bridge the gap. In come cases the 'bridge' involves a USB drive or service personnel who repair the hardware.
    Reply
  • TechieTwo
    This might be fine for someone with lots of time on their hands being paid by the gov'ment to hack somebody's computer but first they need to actually be able to access the computer. Anyone with a clue would be running security software/hardware which would make this hacking approach a dead end.
    Reply
  • I thought you were going to say ‘a dead pixel’ 😀
    Reply