New Security Risk Found for Your Graphics Card

Be careful, or someone might take your pictures.

New Security Risk Found for Your Graphics Card

Every day, we hear about security problems and weaknesses in the digital world. It's like there are always people trying to find ways to break into our computers and devices. It becomes even more concerning when these problems affect the physical parts of our computers, especially the graphics card. Recently, a new issue has come up that seems to impact almost every well-known graphics card you can find.

Researchers from four American universities have discovered a new computer security problem called "GPU.zip." This issue affects modern graphics cards made by companies like AMD, NVIDIA, Apple, ARM, and Qualcomm. It allows sensitive visual information to be leaked when people visit websites. Despite telling these companies about the problem in March 2023, it still hasn't been fixed as of September 2023.

So, how does this problem work? The main issue with GPU.zip has to do with data compression. Data compression is a way to make files smaller and run faster on your computer. The problem here is that many modern graphics cards automatically use data compression, even for sensitive information, and this isn't always explained well in the user manuals. This compression can be used by bad actors to steal images or pictures from people by taking pixels (the tiny dots that make up images) and turning them into simple colors on websites they shouldn't be able to access. They use special tricks to do this, which makes it hard for people to notice or stop.

In simpler terms, this vulnerability lets bad actors mess around with the colors in pictures on a website and see how long it takes to change those colors. By timing how long it takes to show these changes, they can figure out what the original color or state of a certain part of the webpage was. This can potentially reveal sensitive information like usernames.

The problem is quite serious because it affects a lot of devices like laptops, smartphones, tablets, and regular computers. However, not all graphics cards (the things that make pictures and videos on your screen) are equally at risk, and it's not super easy to pull off this attack quickly. Also, some websites are safe from this attack if they don't allow certain kinds of picture tricks.

It's important to know that Firefox and Safari web browsers are less likely to be affected by this issue because they don't have all the things that this attack needs to work.

In simple terms, this might not directly impact you because it takes a skilled hacker quite a bit of effort to use this vulnerability. However, it's a known problem that has been around for a while. It's possible that GPU manufacturers haven't addressed it yet for various reasons. We don't know when or if they will fix it.

Source: Bleeping Computer

Post a Comment

Previous Post Next Post