Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malware Running On Graphics Cards

Posted by CmdrTaco on from the freeing-up-the-cpu dept.

An anonymous reader writes "Given the great potential of general-purpose computing on graphics processors, it is only natural to expect that malware authors will attempt to tap the powerful features of modern GPUs to their benefit. In this paper, the authors demonstrate the feasibility of implementing a malware that can utilize the GPU (PDF) to evade virus scanning applications. Moreover, the authors discuss the potential of more sophisticated attacks, like accessing the screen pixels periodically to harvest private data displayed on the user screen, or to trick the the user by displaying false, benign-looking information when visiting rogue web sites (e.g., overwriting suspicious URLs with benign-looking ones in the browser's address bar)."

19 of 103 comments (clear)

  1. I guess it already happened to me by Yvan256 · · Score: 5, Funny

    It says slashdot.org in my URL bar but since the last few months the comments of users appear to be from digg.

  2. I am pleased by Reilaos · · Score: 5, Funny

    With this technology, new, more sophisticated Rickrolling is now possible.

    1. Re:I am pleased by jpapon · · Score: 3, Funny

      cudaMemcpy(d_rickAstley,h_rickAstley, AMOUNT_OF_TIME*TO_GIVE_U_UP * sizeof(float) ,cudaMemcpyHostToDevice);

      d_RickRolled >> (d_rickAstley);

      --
      -- Let us endeavor so to live that when we pass even the undertaker shall be sorry. -- M. Twain
  3. I will show them... by halfEvilTech · · Score: 5, Interesting

    "Moreover, the authors discuss the potential of more sophisticated attacks, like accessing the screen pixels periodically and harvest private data displayed on the user screen"

    I guess we just change all fields to mask the entries with **** or if we want to really fool them use dots.

  4. Wrong summary by blai · · Score: 3, Funny

    Should read "nvidia adds twitter and pop3 integration to newest line of GPUs"

    --
    In soviet Russia, God creates you!
  5. imagine by KillaGouge · · Score: 3, Insightful

    Imagine starting to be target for specific porn habits. No amount of private browsing would keep the ads from showing up on your computer.

    --
    GENERATION 25: The first time you see this, copy it into your sig on any forum and add 1 to the generation. Social exper
  6. Hehe, what goes around comes around by arivanov · · Score: 4, Interesting

    I used to run a small computer repair and write-to-order software shop for a living while in the Uni with two more people. One of them had that idea around 1994. In those days it was just to store the code in the video RAM pages which are not directly accessible to a scanner and keep a small polymorphic backstrap routine in main memory.

    What goes around comes around. Looks like this is using a similar approach. Even if you compute some stuff on the card you still need a bootstrap within the main system to use it and talk back to the "mothership".

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
    1. Re:Hehe, what goes around comes around by postbigbang · · Score: 3, Funny

      Now that I think of it, my electric razor with new programming, was trying to attack me this morning, or so it seemed...

      --
      ---- Teach Peace. It's Cheaper Than War.
    2. Re:Hehe, what goes around comes around by TheRaven64 · · Score: 3, Informative

      DMA is not a problem. It goes via the GART (and has since the AGP days), so the GPU can only see the bits of memory that it is explicitly shown. A bigger problem is that separate processes may not be isolated from each other on the GPU, so your WebGL program and your window server may be running in the same virtual address space on the GPU. Your WebGL program is then free to read or write any window's contents, as long as it can find the correct virtual address for the buffers.

      --
      I am TheRaven on Soylent News
  7. Popups 2.0 by BradleyUffner · · Score: 4, Interesting

    This should make for some wonderful new kinds of pop up ads that can't be dismissed or in any way taken out of focus.

  8. Process Authentication and Authorization by Doc+Ruby · · Score: 3, Interesting

    User and role based authentication/authorization is essential to security, but not sufficient. A machine that brings authentication/authorization down to the process level would be more secure.

    I'd like a PC that enforced access control on each process running. Every call to any HW, whether CPU, MMU, GPU, or any bus, to require authentication. A crypto ASIC with scores of simultaneous auth units pointing at each process space and the ACL table for auth in just a few extra clock ticks on operations per process, at startup and randomly every dozen or so calls. More frequently when there's a "heightened alert" either by network notification or during and after other security events like DoS attacks and malware discovery.

    --

    --
    make install -not war

  9. Re:KISS by jpapon · · Score: 3, Insightful
    Eh, this is way sneakier, and could be far more effective, since you could modify/hide anything from the user.

    It would be pretty difficult to determine which pixels are the URL bar on the GPU though. Unless of course all this GPU acceleration they're putting in browsers now allows you to somehow read the coordinates directly.

    --
    -- Let us endeavor so to live that when we pass even the undertaker shall be sorry. -- M. Twain
  10. Driver problem by TheRaven64 · · Score: 4, Interesting

    Modern GPUs include memory protection, so different processes can be prevented from reading each others' VRAM, just as they can be prevented from running each others' RAM. This is not always used by the drivers, which may just map the entire physical VRAM into the GPU's virtual address space. With properly written drivers, this is much harder.

    The big malware potential comes from WebGL. This allows you to run arbitrary GLSL code in the browser's (GPU) address space. Although you probably can't take over the entire display, you can potentially take over the entire browser window without permission. Hopefully, the driver will give you entirely separate GPU address spaces per GL context, but given how incompetent AMD and nVidia's driver teams have demonstrated themselves to be, I doubt it.

    --
    I am TheRaven on Soylent News
  11. Re:KISS by jpapon · · Score: 3, Insightful

    Maybe, but people have so many addons and toolbars it would be a pretty rough guess.

    --
    -- Let us endeavor so to live that when we pass even the undertaker shall be sorry. -- M. Twain
  12. Re:KISS by TheRaven64 · · Score: 3, Interesting

    It would be pretty difficult to determine which pixels are the URL bar on the GPU though.

    No, not really. The browser window's address bar is a pretty easy shape for simple computer vision algorithms to spot, and you've go access to a nice parallel processor to run them on...

    --
    I am TheRaven on Soylent News
  13. Re:Government researchers? by blair1q · · Score: 4, Insightful

    Before you can build a wall, you have to imagine someone walking over the imaginary line at the edge of your yard.

    Or you can figure out that a wall would have been useful after they come into your yard, but then it's too late.

    See, most taxpayers understand that we pay taxes to prevent the crime, we don't wait until it happens and then rail that the government isn't doing anything about it.

  14. Re:KISS by jpapon · · Score: 3, Interesting

    Yeah, I suppose. I could make this happen today if I knew how to dump the screen buffer contents to a readable array in device global memory in CUDA.

    --
    -- Let us endeavor so to live that when we pass even the undertaker shall be sorry. -- M. Twain
  15. Re:KISS by h4rr4r · · Score: 3, Insightful

    All the malware has to do is add a CA it already owns.

  16. Re:KISS by sjames · · Score: 3, Interesting

    Fortunately, it's running on the GPU, which we all know from the marketing hype is an amazing infinitely powerful CPU. It will have no problem running a recognition program to find the URL bar.