Security News > 2023 > May > Hot Pixels attack checks CPU temp, power changes to steal data
A team of researchers at Georgia Tech, the University of Michigan, and Ruhr University Bochum have developed a novel attack called "Hot Pixels," which can retrieve pixels from the content displayed in the target's browser and infer the navigation history.
Next, the team experimented with data-dependent leakage channels on discreet and integrated GPUs, including Apple's M1 and M2, AMD Radeon RX 6600, Nvidia GeForce RTX 3060, and Intel Iris Xe. The researchers performed a detailed investigation and characterization of how different processing behaviors could impact observable factors like power consumption, temperature, and frequency and used this data as a foundation to evaluate the "Hot Pixels" attack.
The setup constraints the power and temperature of the CPUs so that data about the color of the pixels displayed on the target's screen is leaked through the processor's frequency.
The attack mechanism involves leveraging SVG filters to induce data-dependent execution on the target CPU or GPU and then using JavaScript to measure the computation time and frequency to infer the pixel color.
Hot Pixels attacks only work well on devices that quickly reach a stable state of power usage, like smartphones, although the data leak throughput is generally small.
More details about the Hot Pixels attack can be found on the technical paper published by the researchers earlier this week.