We rely on computer graphics chips to render games, video, and images. But the same GPU can also be abused to potentially track browser activity on the web, according to new research.
In a new paper, a team of academics at Israel’s Ben-Gurion University and France’s University of Lille examine how a computer’s GPU can upgrade “browser fingerprinting,” a technique the ad industry already uses to discern which sites your computer is visiting.
Fingerprinting exploits how today’s browser can expose plenty of minor details about your computer to a website, such as the software version, screen resolution, fonts, time zone, and IP address. Since not every computer has the same settings, the ad industry can take these details to fingerprint your PC and track your browser as it moves from one site to another.
However, the accuracy of a fingerprint will degrade over time as the computer receives new software versions, visits the internet via different IP addresses, or changes system settings. This led the team of academics to wonder if the ad industry could pull data from a computer’s hardware to improve the fingerprint’s longevity.
The research effort resulted in “DrawnApart,” a way to fingerprint a user’s computer by measuring the minute differences across a GPU’s execution units. (BleepingComputer was first to report on the research paper.)
“In a nutshell, to create a fingerprint, DrawnApart generates a sequence of rendering tasks, each targeting different EUs. It times each rendering task, creating a fingerprint trace,” the paper’s authors wrote.
Essentially, DrawnApart can generate a benchmark score for your computer’s GPU to supplement the existing fingerprint. The GPU benchmark can also be used to fingerprint individual machines, even when they use the same graphics chip. This is because “even nominally identical hardware devices have slight differences induced by their manufacturing process,” which can appear in the rendering timing tests, according to the research.
But what makes the technique particularly unsettling is how the GPU data can be collected over unprivileged JavaScript running on a website.
Specifically, DrawnApart taps Web Graphics Library or WebGL, a JavaScript API that’s used across major browsers to render 2D and 3D graphics. The same API can be abused to measure how fast a computer’s GPU will complete simple rendering tasks, which can occur in the browser’s background in less than a few seconds.
To test the technique, the academics created a Chrome browser plugin capable of running DrawnApart on a computer. The plugin was then installed on 2,550 PC and mobile devices built with a variety of graphics chips from Intel, Apple, Nvidia, and Samsung.
The experiment found the DrawnApart technique increased the median tracking time of a current fingerprinting method known as FP-Stalker by 67% percent. This means a fingerprint’s duration can last from 17.5 days to 28 days, up from a mere 10.5 days.
“To the best of our knowledge, this is the first time hardware features have been used to challenge privacy in this context,” the academics wrote. “Our fingerprinting technique can tell apart devices that are completely indistinguishable by current state-of-the art methods, while remaining robust to changing environmental conditions.”
That said, the DrawnApart can be stopped by blocking the WebGL API from running when it’s not needed. Another option involves WebGL “adding a randomization step” or disabling certain “timer APIs,” which would prevent DrawnApart from accurately benchmarking a GPU’s execution units.
In response to the potential privacy threat, the team submitted its research results to Intel, Arm, Google, Mozilla, and Brave. In addition, the Khronos group, which determines the WebGL specification, has established a study group to discuss the GPU fingerprinting research with stakeholders.
Whether the ad industry will try to exploit GPUs for actual fingerprinting remains to be seen. But in the meantime, the academics are warning that an API to succeed WebGL called WebGPU risks taking the fingerprinting to the next level since it can be exploited for more accurate GPU benchmarking. The group’s own tests show WebGPU “delivered a near-perfect classification accuracy of 98%, while taking only 150 milliseconds to run.”
“The effects of accelerated compute APIs on user privacy should be considered before they are enabled globally,” the academics added. The authors will present their findings at the NDSS 2022 security conference in April.
