Hackers could steal your data via an unpatched GPU pixel-stealing attack. Though that 'could' is doing some real heavy lifting
A potentially scary, though difficult to implement side-channel attack that could allow malicious websites to read and extract sensitive data has broken cover. The vulnerability affects all GPU manufacturers across devices ranging from PCs, to laptops and phones.
According to a paper released by researchers from four American universities (via Ars Technica), the so-called GPU.zip attack relates to GPU compression data. This is proprietary so it would require a hacker to have a deep knowledge of GPU compression algorithms, which are closed in nature and would require reverse engineering. That's no mean feat for a start.
A malicious website can then use a cross-origin SVG (scalable vector graphics) filter to read the pixels displayed by another website. It works by visiting a website with embedded iframe HTML elements. The iframe links to the cross-origin webpage allowing a hacker to extract information as it appears on the screen, one pixel at a time.
But it's also web browser dependent. According to the researchers, Firefox and Safari don't meet the requirements for GPU.zip to work, so chalk one up to them I guess.
As for a fix, it's believed the GPU manufacturers are pushing for a software solution. In a statement provided to Bleeping Computer, an Intel spokesperson was quoted as saying: «While Intel hasn't had access to the researcher's full paper, we assessed the researcher findings that were provided and determined the root cause is not in our GPUs but in third party software.»
Best CPU for gaming: The top chips from Intel and AMD.
Best gaming motherboard: The right boards.
Best graphics card: Your perfect pixel-pusher awaits.
Best SSD for gaming: Get into the game ahead of the rest.
There's no need to panic.
Read more on pcgamer.com
