Pixel stealing attack
{{Short description|Web security attack}}
In cybersecurity, pixel stealing attacks are a group of timing side-channel attacks that allow cross-origin websites to infer how a particular pixel is displayed to the user.{{Cite journal |last1=Taneja |first1=Hritvik |last2=Kim |first2=Jason |last3=Xu |first3=Jie Jeff |last4=Schaik |first4=Stephan van |last5=Genkin |first5=Daniel |last6=Yarom |first6=Yuval |date=2023 |title=Hot Pixels: Frequency, Power, and Temperature Attacks on {GPUs} and Arm {SoCs} |url=https://www.usenix.org/conference/usenixsecurity23/presentation/taneja |journal=USENIX Security 2023 |language=en |pages=6275–6292 |isbn=978-1-939133-37-3}}{{Cite book |last1=Wang |first1=Yingchen |last2=Paccagnella |first2=Riccardo |last3=Wandke |first3=Alan |last4=Gang |first4=Zhao |last5=Garrett-Grossman |first5=Grant |last6=Fletcher |first6=Christopher W. |last7=Kohlbrenner |first7=David |last8=Shacham |first8=Hovav |chapter=DVFS Frequently Leaks Secrets: Hertzbleed Attacks Beyond SIKE, Cryptography, and CPU-Only Data |date=2023-05-01 |title=2023 IEEE Symposium on Security and Privacy (SP) |chapter-url=https://ieeexplore.ieee.org/document/10179326 |publisher=IEEE |pages=2306–2320 |doi=10.1109/SP46215.2023.10179326 |isbn=978-1-6654-9336-9}}{{Cite journal |last1=Kohlbrenner |first1=David |last2=Shacham |first2=Hovav |date=2017 |title=On the effectiveness of mitigations against floating-point timing channels |url=https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/kohlbrenner |journal=USENIX Security 2017 |language=en |pages=69–81 |isbn=978-1-931971-40-9}}{{Cite book |last1=Andrysco |first1=Marc |last2=Kohlbrenner |first2=David |last3=Mowery |first3=Keaton |last4=Jhala |first4=Ranjit |last5=Lerner |first5=Sorin |last6=Shacham |first6=Hovav |chapter=On Subnormal Floating Point and Abnormal Timing |date=2015-05-01 |title=2015 IEEE Symposium on Security and Privacy |chapter-url=https://ieeexplore.ieee.org/document/7163051 |publisher=IEEE |pages=623–639 |doi=10.1109/SP.2015.44 
|isbn=978-1-4673-6949-7}}{{Cite book |last1=Kotcher |first1=Robert |last2=Pei |first2=Yutong |last3=Jumde |first3=Pranjal |last4=Jackson |first4=Collin |chapter=Cross-origin pixel stealing: Timing attacks using CSS filters |date=2013-11-04 |title=Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13 |chapter-url=https://dl.acm.org/doi/abs/10.1145/2508859.2516712 |location=New York, NY, USA |publisher=Association for Computing Machinery |pages=1055–1062 |doi=10.1145/2508859.2516712 |isbn=978-1-4503-2477-9}}
History
One of the earliest known instances of a pixel-stealing attack was described by Paul Stone in a white paper presented at the Black Hat Briefings conference in 2013.{{Cite conference| publisher = IEEE Computer Society| doi = 10.1109/SP54263.2024.00084| isbn = 9798350331301| conference = 2024 IEEE Symposium on Security and Privacy (SP)| pages = 87| last1 = Wang| first1 = Yingchen| last2 = Paccagnella| first2 = Riccardo| last3 = Gang| first3 = Zhao| last4 = Vasquez| first4 = Willy| last5 = Kohlbrenner| first5 = David| last6 = Shacham| first6 = Hovav| last7 = Fletcher| first7 = Christopher| title = GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression| access-date = 2024-08-25| date = 2023-10-17| url = https://www.computer.org/csdl/proceedings-article/sp/2024/313000a084/1RjEaSnpO3m| url-access = subscription}} Stone's approach exploited a quirk in how browsers rendered images encoded in the SVG format. SVG images support various features, including the ability to apply SVG filters that transform image content. Stone discovered that by measuring the time it took for a browser to render a morphological filter over a known set of pixels and then comparing this with the time taken to render the same filter over a pixel from an unknown website, he could infer the color of the pixels.
This allowed him to build a grayscale image of the other website, which could then be used to leak information about the website.{{Cite web |last=Stone |first=Paul |date=July 2013 |title=Pixel Perfect Timing Attacks with HTML5 |url=https://media.blackhat.com/us-13/US-13-Stone-Pixel-Perfect-Timing-Attacks-with-HTML5-WP.pdf |website=Black Hat Briefings}}{{Cite journal |last1=O'Connell |first1=Sioli |last2=Sour |first2=Lishay Aben |last3=Magen |first3=Ron |last4=Genkin |first4=Daniel |last5=Oren |first5=Yossi |last6=Shacham |first6=Hovav |last7=Yarom |first7=Yuval |date=2024 |title=Pixel Thief: Exploiting {SVG} Filter Leakage in Firefox and Chrome |url=https://www.usenix.org/conference/usenixsecurity24/presentation/oconnell |journal=USENIX Security |language=en |pages=3331–3348 |isbn=978-1-939133-44-1}}