Nvidia graphics card bug could expose your private porn habit

Many people would prefer to keep their online porn habit private, and try to keep their adult website surfing secret from their family members or colleagues by enabling a “Private Browsing” mode which ensures that sites you visit aren’t saved in your browser history.

The “private browsing” feature is included in most modern browsers, including Google Chrome, where it is called “Incognito mode”.

But is your browsing really as private as you might like?

According to University of Toronto student Evan Andersen, perhaps it’s not.

In a blog post published this weekend, Andersen claims that Chrome’s supposed “incognito mode” came back to haunt him, after an adult video on YouPorn reappeared on his screen as he loaded the video game Diablo III, hours after he had first watched the X-rated movie.

In other words, rather than see Diablo III’s normal jet black loading screen, Andersen was greeted with images of “Redhead Marie” instead.

According to Andersen, the potentially embarrassing privacy foul-up is caused by a bug in the GPU drivers used by Nvidia graphics cards.

Even though this happened hours later, the contents of the incognito window were perfectly preserved.

So how did this happen? A bug in Nvidia’s GPU drivers. GPU memory is not erased before giving it to an application. This allows the contents of one application to leak into another. When the Chrome incognito window was closed, its framebuffer was added to the pool of free GPU memory, but it was not erased. When Diablo requested a framebuffer of its own, Nvidia offered up the one previously used by Chrome. Since it wasn’t erased, it still contained the previous contents. Since Diablo doesn’t clear the buffer itself (as it should), the old incognito window was put on the screen again.

Andersen appears to have proved his theory by writing a program that scanned GPU memory for non-zero pixels, discovering a Reddit page that he had opened minutes before on one of his computer’s other user accounts.
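The reuse-without-erase behaviour Andersen describes, and the two places it can be stopped, can be modelled in ordinary memory. This is an added illustration, not code from Andersen or Nvidia: the one-slot pool, the policy names and the `leaked_after_reuse` helper are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define FB_BYTES 64  /* constructed size of the single simulated framebuffer */

enum policy { NO_SCRUB, SCRUB_ON_FREE, SCRUB_ON_ALLOC };

struct pool {
    unsigned char mem[FB_BYTES];
    int in_use;
    enum policy policy;
};

static unsigned char *fb_alloc(struct pool *p) {
    if (p->in_use) return NULL;
    p->in_use = 1;
    /* Scrub-on-alloc protects the next owner, but the old pixels stay
       resident in the free pool until someone asks for the buffer. */
    if (p->policy == SCRUB_ON_ALLOC) memset(p->mem, 0, FB_BYTES);
    return p->mem;
}

static void fb_free(struct pool *p, unsigned char *fb) {
    if (fb != p->mem || !p->in_use) return;
    /* Scrub-on-free removes the pixels the moment the window closes. */
    if (p->policy == SCRUB_ON_FREE) memset(p->mem, 0, FB_BYTES);
    p->in_use = 0;
}

/* App A draws and closes; app B is handed the same buffer. Returns how
   many bytes of A's image B would put on screen. app_clears models B
   clearing its own buffer before first use. */
size_t leaked_after_reuse(enum policy policy, int app_clears) {
    struct pool p = { {0}, 0, policy };
    unsigned char *a = fb_alloc(&p);
    memset(a, 0xAB, FB_BYTES);            /* A "renders" a page */
    fb_free(&p, a);
    unsigned char *b = fb_alloc(&p);
    if (app_clears) memset(b, 0, FB_BYTES);
    size_t stale = 0;
    for (size_t i = 0; i < FB_BYTES; i++) stale += (b[i] != 0);
    return stale;
}

int main(void) {
    printf("no scrub, app does not clear: %zu\n", leaked_after_reuse(NO_SCRUB, 0));
    printf("no scrub, app clears:         %zu\n", leaked_after_reuse(NO_SCRUB, 1));
    printf("scrub on free:                %zu\n", leaked_after_reuse(SCRUB_ON_FREE, 0));
    printf("scrub on alloc:               %zu\n", leaked_after_reuse(SCRUB_ON_ALLOC, 0));
    return 0;
}
```

Only the first case leaks, and it needs both failures at once: an allocator that hands out unerased memory and an application that displays its buffer without clearing it.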

Andersen says that the problem is serious for those who wish to keep their computer activity private, especially as it can expose what you have been up to even if you are not specifically targeted.

It breaks the operating system’s user boundaries by allowing non-root users to spy on each other. Additionally, it doesn’t need to be specifically exploited to harm users – it can happen purely by accident. Anyone using a shared computer could be exposing anything displayed on their screen to other users of the computer.

And here is where things get especially worrying.

Andersen says that he informed both Nvidia and Google about the bug two years ago. Nvidia has apparently acknowledged that the bug exists, but has still not fixed it. Google meanwhile has said that it will not address the bug as (apparently) Google Chrome’s incognito mode is “not designed to protect you against other users on the same computer (despite nearly everyone using it for that exact purpose.)”

I’m not sure which company’s response is more disappointing.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

3 Comments

  • I have no comment except this:

    The choice of hotforsecurity.com is the best choice for this article in question, at least if you like puns. The reason is that when someone is ‘hot for’ someone it is suggested they are sexually aroused (or at least attracted). Yet this flaw is about a NVIDIA GPU bug that could expose the habit of porn ….

    Perfect.

  • There you go folks, either shut down before handing over the reins, get an updated driver/alternative video chipset or replace with a much lower VRAM capacity or don’t go to naughty sites :)

    All jokes aside, what an interesting bug.