Intel Core, AMD Ryzen, Apple M1, Samsung Exynos, how these chips betray your navigation

Researchers have shown that the processor cache, an unavoidable element of the chip, can indirectly reveal which site a user has visited, even when JavaScript is completely disabled.


Snitches sometimes nestle in unsuspected places. In 2017, a group of researchers showed that it was possible to determine which site a user was visiting just from the volume and timing of their traffic, provided that a machine learning algorithm had first been trained on thousands of websites. This process is called "website fingerprinting".

A variation of this monitoring technique was proposed in 2019 by another group of researchers. Instead of looking at web traffic, they focused on the behavior of the processor cache.

Their technique assumes that the victim has already loaded a page from the attacker's web server, which fills the cache with its own data and then probes for changes to that data using JavaScript. The requests are written so as to measure the access time to the cached data: if the time increases, the cache has been modified, because the other site's activity has evicted the attacker's data. It turns out that these alterations are sufficiently characteristic to identify which site the user has visited.

A group of researchers has now taken this work a step further. They tested five cache analysis methods on four processor architectures (Intel Core, AMD Ryzen, Apple M1, Samsung Exynos).

The result: all these platforms are vulnerable to varying degrees.

Surprise: Apple's M1 chip is the most vulnerable of all. The researchers suspect that the heuristics governing the M1 processor's cache are "less sophisticated" than those of the other chips, which would make the attacks more effective.

The researchers' analysis also shows that restricting JavaScript functionality as a protective measure does little to help.

Indeed, as JavaScript-based fingerprinting techniques have multiplied, various countermeasures have been developed. The Chrome Zero extension, for example, offers several levels of restriction of the JavaScript API (low, moderate, high, paranoid).

But whatever the setting, the researchers find that the tested methods still manage to perform cache-based monitoring, even when JavaScript is completely disabled. One of the methods the researchers developed relies solely on HTML/CSS code to populate the cache and on DNS queries to take the timing measurements.

The same holds for Tor Browser: some of the methods still make it possible to monitor browsing by analyzing cache behavior.

In the end, the study closes on a rather dark note. Users currently have no way to protect themselves against this kind of surveillance, so the only practical advice is to avoid connecting to untrusted sites that could carry out this type of spying. The only avenue for improvement mentioned by the researchers is better partitioning of data, either at the processor level or in the operating system. But this is complex to achieve.
