New research covering a novel exploit that could potentially affect Apple silicon chips was recently published by US-funded security researchers. The proof-of-concept study showcases an attack that requires as little data as the processor’s operating status and could potentially speed up data extraction alongside other direct attack methods (via Tom’s Hardware).
The research, titled “Hot Pixels: Frequency, Power, and Temperature Attacks on GPUs and Arm SoCs,” illustrates that data recorded via a system’s Dynamic Voltage and Frequency Scaling (DVFS) can be analyzed to steal information from the processor under attack. DVFS monitors a processor’s real-time voltage, frequency, and power consumption, quickly adjusting them to keep performance and heat at an optimum.
The hot-pixel exploit can target a wide range of processor architectures, including Qualcomm’s ARM CPUs, discrete and integrated graphics from Nvidia, AMD, and Intel, and Apple silicon’s CPU and GPU. The exploit does not require a privileged or local administrator account, since DVFS data is also accessible to non-admin users.
Although the researchers’ work on the exploit is at an early stage, they warn that it could quickly advance with faster data extraction rates, or it could be combined with other established attack methods to overcome security patches and fixes. The research tested the exploit with other web-based attacks, such as website fingerprinting, pixel-stealing, and history sniffing, and the researchers were able to overcome Chrome and Safari’s safeguards when these attacks were used in tandem with the hot-pixel exploit.
Several factors currently limit the viability of the new exploit. For example, its current data extraction rate is constrained to 0.1 bits per second, and blocking access to DVFS data via new APIs greatly restricts the attack. Switching passive cooling for an active solution is also said to weaken the attack since the processor’s temperature is more likely to stay constant irrespective of the executed instruction.
The researchers followed responsible disclosure practices by notifying Apple, Nvidia, AMD, Qualcomm, Intel, and the Google Chrome team of their findings. According to the paper, all vendors have acknowledged the described vulnerabilities. At present, there are no known patches for the exploit, but the researchers plan to maintain communication with the vendors and provide updates as required.