A “hot pixel” attack steals data by reading the CPU
- May 31, 2023
A team of security researchers from Georgia Tech, the University of Michigan, and Ruhr University Bochum in Germany has reported a new form of side-channel attack that exploits the power and speed management techniques used by GPUs and systems-on-chip (SoCs). The researchers demonstrated how they can steal personal information by targeting data exposed by the dynamic voltage and frequency scaling (DVFS) mechanisms found in most modern chips.
As manufacturers strive to develop thinner and more power-efficient devices, they should aim to create SoCs that balance power consumption, heat generation, and processing speed.
As Georgia Tech professor Hritvik Taneja explains in an article posted on the preprint server arXiv last week, SoCs “offer instruction- and data-dependent behavior where they struggle to balance the three-way tradeoff between frequency, power, and temperature.”
Using Arm-based SoCs, Intel processors, and AMD and Nvidia GPUs, the researchers were able to identify patterns of behavior that occur as processors constantly balance power requirements and thermal constraints. Such regularities were discovered thanks to data leakage from sensors embedded in processors.
The researchers’ hot pixel attack forces one of the variables monitored by DVFS to remain constant. By monitoring the other two variables, they were able to determine which instructions were being executed. Arm chips used in smartphones that contain passively cooled processors can leak data including power and frequency readings, while actively cooled processors used in desktop devices can leak data through temperature and power readings.
Based on such data readings, the researchers deployed various types of attacks, such as background tampering and website fingerprinting.
A hacker can sniff the browsing history by detecting the different color of links the user has previously visited. Once the hacker has confirmed a visit to a sensitive site such as a bank, they can link to a fake site that looks like the real one.
The researchers tested the Apple MacBook Air (M1 and M2), Google Pixel 6 Pro, OnePlus 10 Pro, Nvidia GeForce RTX 3060, AMD Radeon RX 6600 and Intel Iris Xe (i7-1280P). All devices leaked data; the AMD Radeon RX 6600 fared worst, with an attack accuracy of 94%. Apple’s devices fared best, with an accuracy of 60% to 67%.
The authors recommended that manufacturers enforce hardware temperature limits, limit unauthorized access to sensor readings, and restrict thermally controlled devices. Researchers have notified all affected manufacturers about the vulnerabilities. No new security measures have yet been announced, but proposals to restrict OS-level access to sensors measuring temperature, power, and frequency have been discussed in the past.
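One way a defender can check the "limit access to sensor readings" recommendation on a Linux host is shown below. It is an added example, not code from the researchers or the article, and it lists temperature, power and frequency nodes that any local user can read. The sysfs paths (hwmon, powercap, cpufreq) and the function names are assumptions chosen for this illustration; other operating systems expose these readings differently.

```python
import glob
import os
import stat

# Linux sysfs nodes exposing the three DVFS variables (temperature, power,
# frequency). Assumed paths; patterns are relative to a sysfs root so that a
# constructed test tree can be audited instead of the live system.
SENSOR_PATTERNS = {
    "temperature": ["class/hwmon/hwmon*/temp*_input"],
    "power": ["class/hwmon/hwmon*/power*_input",
              "class/hwmon/hwmon*/energy*_input",
              "class/powercap/*/energy_uj"],
    "frequency": ["devices/system/cpu/cpu*/cpufreq/scaling_cur_freq"],
}

def audit_sensor_access(sysfs_root="/sys"):
    """Return sorted (kind, path, mode) tuples for sensor nodes whose
    'other' read bit is set, i.e. readable by any local user."""
    findings = []
    for kind, patterns in SENSOR_PATTERNS.items():
        for pattern in patterns:
            for path in glob.glob(os.path.join(sysfs_root, pattern)):
                try:
                    mode = stat.S_IMODE(os.stat(path).st_mode)
                except OSError:
                    continue  # node vanished (hotplug) or cannot be stat-ed
                if mode & stat.S_IROTH:
                    findings.append((kind, path, oct(mode)))
    return sorted(findings)

def summarize(findings):
    """Count world-readable nodes per DVFS variable."""
    counts = {kind: 0 for kind in SENSOR_PATTERNS}
    for kind, _path, _mode in findings:
        counts[kind] += 1
    return counts

if __name__ == "__main__":
    results = audit_sensor_access()
    for kind, path, mode in results:
        print(f"{kind:12} {mode:>6} {path}")
    print(summarize(results))
```

A node reported here is a candidate for tighter permissions or for access mediated by a privileged service; an empty result covers only the paths listed in `SENSOR_PATTERNS`.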
Source: Port Altele