Slashdot Mirror


Proof-of-Concept Linux Rootkit Leverages GPUs For Stealth

itwbennett writes: A team of developers has created a rootkit for Linux systems that uses the processing power and memory of graphics cards instead of CPUs in order to remain hidden. The rootkit, called Jellyfish, is a proof of concept designed to demonstrate that completely running malware on GPUs is a viable option. Such threats could be more sinister than traditional malware programs, according to the Jellyfish developers, in part because there are no tools to analyze GPU malware, they said.

3 of 67 comments

  1. Combined with homebrew radios by __aabppq7737 · Score: 5, Interesting

    Recently it was discovered that certain GPUs can be manipulated to create a radio antenna via internal circuitry. Combine this with a relatively unmanaged kernel on the GPU to create silent malware and a peer-to-peer radio-communicating botnet.

  2. This is a scam! by Anonymous Coward · Score: 5, Funny

    Everyone knows there are no working video drivers on Linux!

  3. IOMMU by Anonymous Coward · Score: 5, Interesting

    There's no mention of IOMMU devices in the article. An IOMMU is like an MMU for the I/O; it remaps the memory access of any DMA device to a different area of physical memory, so that:
    * The DMA device can't misbehave, as in the article
    * A virtual machine can work directly with that DMA hardware device
    * The I/O device can be remapped to a memory region it might not otherwise support (e.g. a 6GB offset, from a 32-bit PCI card)

    But, the article doesn't say anything about IOMMUs. Does an IOMMU help at all against this vector? Does it completely block it, or only make the attacks slightly harder? Do modern computers, which mostly have IOMMUs available, make use of their IOMMUs to mitigate this at all?

    I'd be grateful if anyone knew more about this.
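
On the question of whether a given Linux machine actually puts its GPU behind the IOMMU, one way to check is to read the IOMMU group of each display-class PCI device from sysfs. This is an added example, not part of the comment above or of the Jellyfish project; the function name `gpu_iommu_report` and its optional sysfs-root argument are hypothetical, and the `type` attribute is assumed to be present (older kernels do not expose it).

```shell
#!/bin/sh
# Added example: print "<pci-address> <iommu-domain-type>" for every
# display-class PCI device. gpu_iommu_report is a hypothetical helper name.
# Argument 1 (optional) is the sysfs root, so the function can be pointed
# at a constructed directory tree instead of the live /sys.
gpu_iommu_report() {
    root="${1:-/sys}"
    found=0
    for dev in "$root"/bus/pci/devices/*; do
        [ -r "$dev/class" ] || continue
        class=$(cat "$dev/class")
        case "$class" in
            0x03*) ;;          # PCI base class 0x03 = display controller
            *) continue ;;
        esac
        found=1
        addr=${dev##*/}
        # iommu_group is a symlink into /sys/kernel/iommu_groups/<n>.
        # If it is missing, the kernel has no IOMMU translation set up
        # for this device and its DMA targets physical memory directly.
        if [ ! -e "$dev/iommu_group" ]; then
            echo "$addr none"
            continue
        fi
        # Domain type: "DMA" means device addresses are translated and
        # limited to kernel-created mappings; "identity" means passthrough,
        # i.e. the IOMMU is on but does not restrict this device.
        if [ -r "$dev/iommu_group/type" ]; then
            dtype=$(cat "$dev/iommu_group/type")
        else
            dtype=unknown      # kernel without the type attribute
        fi
        echo "$addr $dtype"
    done
    # Exit status 0 only if at least one display-class device was seen.
    [ "$found" -eq 1 ]
}
```

Run `gpu_iommu_report` with no argument to inspect the live system. A result of `none` or `identity` means the IOMMU places no restriction on that device's DMA.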