W3C home > Mailing lists > Public > www-style@w3.org > October 2011

Re: [css-shaders] security - timing attacks

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Tue, 18 Oct 2011 16:02:54 -0700
Message-ID: <CAAWBYDB4k2RRGhYFz=J=JKhirKdHCeSLvEvjB6yQGesUPcqB9w@mail.gmail.com>
To: "Gregg Tavares (wrk)" <gman@google.com>
Cc: www-style list <www-style@w3.org>
On Tue, Oct 18, 2011 at 10:11 AM, Gregg Tavares (wrk) <gman@google.com> wrote:
> Don't CSS shaders end up exposing the same timing attacks for reading images
> that WebGL used to before CORS support was added?
> Basically, build a shader that takes more time depending on the pixels. Use
> requestAnimationFrame to time how long compositing took, adjust until you
> overflow a frame. You can now read pixels.

Specifically, if you use a shader that runs either at 60fps or 30fps
based on what it's run on, you can use rAF to extract, on average,
about 45 bits/second of data from any element on the page, potentially
including things like cross-origin iframes.

~TJ
Received on Tuesday, 18 October 2011 23:03:49 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 17:20:45 GMT