Modern processors and video cards are trying to be thin, light and energy efficient. To do this, they use the mechanisms of dynamic voltage and frequency change (DVFS), which allow you to adjust the parameters of the device depending on the load. However, these mechanisms also create side channels of information leakage that can be used by attackers to extract sensitive data.

Leakage side channels are channels that software uses to measure the physical properties of devices such as power consumption, temperature, or frequency. These properties correlate with the instructions and data that are processed on the device. Thus, an attacker can access them through internal sensors or interfaces without resorting to external equipment.

Traditionally, such attacks required special hardware connected to the computer. However, recent research has shown that programming interfaces available on the computer itself can be used, such as Intel’s RAPL interface or the DVFS (Dynamic Voltage and Frequency) mechanism.

In a new study scientists have shown that leakage side channels are present on modern Arm architecture processors and video cards, which are becoming increasingly popular in high-performance devices. They also demonstrated how these channels can be used to attack Chrome and Safari browsers using JavaScript code. Attacks allow you to steal image pixels or determine the user’s browsing history.

Such leak channels represent a new threat to cybersecurity, as they can bypass existing defenses against traditional attacks through microarchitectural channels. Therefore, it is necessary to develop new ways to detect and prevent such attacks on modern devices.

Researchers have proposed several ways to protect against such attacks, including reducing the resolution or frequency of measurements, adding noise or randomness to the computer, or using special data protection schemes. They also urged developers and manufacturers to consider the risk of such leaks when creating new hardware and software.