with that name Hot pixels, and without further context we can come to all sorts of conclusions trying to figure out what it’s about. Of course, the first thing that comes to mind is a fairly common problem with digital camera sensors, which is that some camera pixel is constantly on and consequently shows a brighter color than it should. But no, we didn’t talk about that, so in my case, my first thought was that it was referring to a new indie game, but no, neither. We are actually facing a flank attack technique (do you now wish he was right and it was a new game?)

Before we start analyzing what it consists of and what it provides when used, it is important to clarify we are talking about a technique developed by researchers, not some kind of pathogen that is swarming the network and putting your data at risk. But it’s true that its simple disclosure already makes a difference in this sense, so maybe some sleuths have started thinking about how to exploit this vulnerability, which affects two basic PC components: CPU and GPU.

Hot Pixels uses DVFS (Dynamic Voltage and Frequency Scaling), a technique used by modern CPUs and graphics chips that controls their frequency and voltage in real time to balance consumption and heat generation based on performance requirements at any given moment. Thanks to it, it is possible to maintain a constant optimization by reducing the electrical consumption, moreover, problems caused by the temperature of the mentioned components can be avoided.

The researchers found that the occurrence that DVFS has on a set of sensors found inside the same chipsets can be used along with a script running in a web browser to derive the content displayed on the system screen. To do this, they use a set of Scalable Vector Graphics (SVG) filters to induce data-dependent execution on the target CPU or GPU, and then use JavaScript to measure the computation time and frequency to derive the pixel color.

The main problem is that, unlike other types of information generated by the system, the data provided by these sensors is not considered compromised information and is therefore not protected in any way, so any user of the system can access them without restriction, whether he is an administrator or not. Tests performed by this team of researchers showed an accuracy between 60% and 94%, with the time needed to identify each pixel varying between 8.1 and 22.4 seconds. The AMD Radeon RX 6600 GPU appears to be the most vulnerable device to hot pixel attacks, while Apple’s SoCs (M1 and M2) appear to be the most secure.

Hot Pixels is not the first attack technique to rely on DVFS. Hertzbleed, which we told you about a year ago, also uses information provided by system sensors and allows it to steal cryptographic keys on Intel and AMD processors.

More information