A new brand of side-channel vulnerabilities has been disclosed and this time it's not the CPU that's under attack: it's the GPU.
New exploits published by computer scientists at the University of California, Riverside, leave both individual users and high-performance computing systems at potential risk. The three sets of exploits pull sensitive data out of a graphics processing unit core, and do so with relative ease, compared to some of the side-channel attacks that have been demonstrated on CPUs.
Two of the attacks target individual users, pulling information on website history and passwords. The third could open the door to an organization's machine-learning or neural network applications, exposing details about their computational model to competitors.
The researchers' paper, Rendered Insecure: GPU Side Channel Attacks are Practical, was presented at the ACM SIGSAC conference, and the vulnerabilities have been disclosed to Nvidia, Intel, and AMD.