With that name, Hot Pixels, and without further context, we can reach the most varied conclusions when trying to find out what it is about. The first thing that comes to mind, of course, is the relatively common problem with digital camera sensors, which consists in that some pixel of the camera is always on and, consequently, shows a brighter color than what should. But no, we didn’t talk about that so, in my case, the first thing I thought was that he was referring to a new indie game, but no, neither. Actually we are facing a side attack technique (do you now wish he had been right and it was a new game?)
Before starting to analyze what it consists of and what it provides when exploited, it is important to clarify that we are talking about a technique developed by researchers, that is, not about some kind of pathogen that is swarming the network to endanger your data. However, it is true that its simple disclosure already makes a difference in this sense, so possibly some mischievous minds have begun to think about how to exploit this vulnerability that affects two basic components of the PC: the CPU and the GPU.
Hot Pixels takes advantage of DVFS (Dynamic Voltage and Frequency Scaling), a technique used by modern CPUs and graphics chips that manages their frequency and voltage in real time, in order to balance consumption and heat generation based on performance demand at each moment. Thanks to it, it is possible to maintain a constant optimization by reducing electrical consumption, in addition to avoiding problems due to the temperature of said components.
What the researchers have discovered is that the incidence that DVFS has on the set of sensors that we find inside those same chipsets can be used, together with a script executed in the web browser, to infer the content being displayed on the system screen. To that end, they employ a set of Scalable Vector Graphics (SVG) filters to induce data-dependent execution on the target CPU or GPU, and then use JavaScript to measure computation time and frequency to infer the color of the pixel.
The main problem is that, unlike other types of information generated by the system, the data provided by these sensors is not considered compromised information and, therefore, it is not protected in any way, so that any user of the system, whether or not it is an administrator, can access them without limitations. The tests carried out by this team of researchers have shown an accuracy of between 60% and 94%, while the time required to identify each pixel varies between 8.1 and 22.4 seconds. The AMD Radeon RX 6600 GPU appears to be the most vulnerable device to “hot pixel” attacks, while Apple’s SoCs (M1 and M2) appear to be the most secure.
Hot Pixels is not the first attack technique that relies on DVFS. Hertzbleed, which we told you about about a year ago, also uses the information provided by the system’s sensors, and allows it to steal cryptographic keys on Intel and AMD processors.
More information
