A Timing Side-Channel Attack on a Mobile GPU

Mobile devices are quickly becoming powerful computing platforms in many respects. Given the growing resource demands of applications, compute-heavy workloads on today's smartphone devices are offloaded to the on-board GPU for performance and power efficiency. Mobile devices carry a significant amount of sensitive and personal data, including credit/banking transactions, medical records and passwords. They are frequent targets for attackers, working to obtain an individual's personal information. Although there has been a significant amount of work focused on improving mobile device information security, there has been limited attention paid to the vulnerability of side-channel attacks on these devices, especially their on-board GPUs. In this paper, we present our work on timing side channel vulnerability, launched on a popular mobile device's GPU, exploiting its cache behavior. We target AES-128 encryption, and show that we can successfully recover the full encryption key when using known ciphertext by exploiting timing information. While we target a Qualcomm Snapdragon platform, our statistical analysis shows that our approach is a general method that can be applied to similar mobile platforms.