blog

Hot Pixels: A New CPU Data Theft Attack

Written by Securafy Team | Jun 27, 2023 3:00:00 PM

A research team at Georgia Tech discovered a new threat called "Hot Pixels." It is a type of online attack where hackers can find out what websites have been visited by looking at the colors on the screen. They use special programs to do this and can find out the colors of most pixels. That is possible by studying patterns in how certain parts of the computer behave. Specifically, those parts that help produce images (GPUs) and compact computer systems (SoCs). Hot Pixels can extract information from a user's browser, including their browsing history, so business owners need to be more aware of these new cyber threats to avoid being affected by them.

How Hot Pixel Attacks Work

Researchers learned that modern CPUs have issues with power use and heat, especially at high processing speeds. This creates patterns that can be used to pull out data from webpages on Safari and Chrome.  Internal sensor measurements can be read using certain software. That’s how hackers can get right 94% of the information on a computer.

Studying frequency, power, and temperature on modern computers, the researchers found that data from processors that are passive can be read by looking at frequency and power. Meanwhile, those that are actively cooled leak information through temperature and power. The researchers focused on arm-based SoCs, GPUs, and CPUs as they're the most common. They have informed concerned tech giants about the issue and they are working to make their products safer.

Understanding the findings of this research can help business owners prevent these types of attacks.

A Reminder to Businesses to Update Security Protocols

Currently, there isn't an conclusive effective security measures to prevent hot pixel attacks yet. For now, business owners should focus on learning about the complexities of hot pixel attacks and staying updated on developments. That way, they can build better defenses against this threat and protect sensitive information.