In cybersecurity, pixel stealing attacks are a group of timing side-channel attacks that allow cross-origin websites to infer how a particular pixel is displayed to the user.[1][2][3][4][5]
History
One of the earliest known instances of a pixel-stealing attack was described by Paul Stone in a white paper presented at the Black Hat Briefings conference in 2013.[6] Stone's approach exploited a quirk in how browsers rendered images encoded in the SVG format. SVG images support various features, including the ability to apply SVG filters that transform image content. Stone discovered that by measuring the time it took for a browser to render a morphological filter over a known set of pixels and then comparing this with the time taken to render the same filter over a pixel from an unknown website, he could infer the color of the pixels. This allowed him to build a grayscale image of the other website, which could then be used to leak information about the website.[7][8]
References
- Taneja, Hritvik; Kim, Jason; Xu, Jie Jeff; Schaik, Stephan van; Genkin, Daniel; Yarom, Yuval (2023). "Hot Pixels: Frequency, Power, and Temperature Attacks on GPUs and Arm SoCs". USENIX Security 2023: 6275–6292. ISBN 978-1-939133-37-3.
- Wang, Yingchen; Paccagnella, Riccardo; Wandke, Alan; Gang, Zhao; Garrett-Grossman, Grant; Fletcher, Christopher W.; Kohlbrenner, David; Shacham, Hovav (2023-05-01). "DVFS Frequently Leaks Secrets: Hertzbleed Attacks Beyond SIKE, Cryptography, and CPU-Only Data". 2023 IEEE Symposium on Security and Privacy (SP). IEEE. pp. 2306–2320. doi:10.1109/SP46215.2023.10179326. ISBN 978-1-6654-9336-9.
- Kohlbrenner, David; Shacham, Hovav (2017). "On the effectiveness of mitigations against floating-point timing channels". USENIX Security 2017: 69–81. ISBN 978-1-931971-40-9.
- Andrysco, Marc; Kohlbrenner, David; Mowery, Keaton; Jhala, Ranjit; Lerner, Sorin; Shacham, Hovav (2015-05-01). "On Subnormal Floating Point and Abnormal Timing". 2015 IEEE Symposium on Security and Privacy. IEEE. pp. 623–639. doi:10.1109/SP.2015.44. ISBN 978-1-4673-6949-7.
- Kotcher, Robert; Pei, Yutong; Jumde, Pranjal; Jackson, Collin (2013-11-04). "Cross-origin pixel stealing: Timing attacks using CSS filters". Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13. New York, NY, USA: Association for Computing Machinery. pp. 1055–1062. doi:10.1145/2508859.2516712. ISBN 978-1-4503-2477-9.
- Wang, Yingchen; Paccagnella, Riccardo; Gang, Zhao; Vasquez, Willy; Kohlbrenner, David; Shacham, Hovav; Fletcher, Christopher (2023-10-17). "GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression". 2024 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society. p. 87. doi:10.1109/SP54263.2024.00084. ISBN 9798350331301. Retrieved 2024-08-25.
- Stone, Paul (July 2013). "Pixel Perfect Timing Attacks with HTML5" (PDF). Black Hat Briefings.
- O'Connell, Sioli; Sour, Lishay Aben; Magen, Ron; Genkin, Daniel; Oren, Yossi; Shacham, Hovav; Yarom, Yuval (2024). "Pixel Thief: Exploiting SVG Filter Leakage in Firefox and Chrome". USENIX Security: 3331–3348. ISBN 978-1-939133-44-1.