GPU Malware Can Also Affect Windows PCs, Possibly Macs
itwbennett writes: A team of anonymous developers who recently created a Linux rootkit that runs on graphics cards has released a new proof-of-concept malware program that does the same on Windows. A Mac OS X implementation is also in the works. The problem the developers are trying to highlight lies not with the operating systems, such as Windows or Linux, nor with the GPU (graphics processor unit) vendors, but rather with existing security tools, which aren't designed to scan the random access memory used by GPUs for malware code.
I question why anyone would go that route for writing malware. When you start using the OpenCL APIs, your graphics cards will clock up and leave their low power states. The graphics card resource utilization (compute, memory transfers, memory usage) is shown by monitoring tools such as GPU-z and command line tools such as nvidia-smi. You can't hide anything on the GPU.
--- Eat my sig.
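The comment above names nvidia-smi as a place where GPU compute use shows up. As an added example (not part of the thread), this sketch parses the output of `nvidia-smi --query-compute-apps=pid,process_name,used_memory --format=csv` and flags processes holding a compute context that are not on an allowlist. The sample output, process paths and allowlist are constructed for illustration.

```python
import csv
import io

# Constructed sample of:
#   nvidia-smi --query-compute-apps=pid,process_name,used_memory --format=csv
# The last row shows the "[N/A]" value some driver modes report for memory.
SAMPLE_OUTPUT = """\
pid, process_name, used_gpu_memory [MiB]
2231, /usr/bin/blender, 1843 MiB
4410, /usr/bin/python3, 512 MiB
9127, /tmp/.cache/kworker, 64 MiB
9340, /home/dev/.local/bin/updater, [N/A]
"""

# Hypothetical allowlist of binaries expected to use GPU compute on this host.
ALLOWED_COMPUTE_BINARIES = {"/usr/bin/blender", "/usr/bin/python3"}


def parse_compute_apps(text):
    """Return one dict per process row; header and malformed rows are skipped."""
    rows = []
    for record in csv.reader(io.StringIO(text), skipinitialspace=True):
        if len(record) != 3:
            continue
        pid, name, mem = (field.strip() for field in record)
        if not pid.isdigit():  # header line or garbage
            continue
        first = mem.split()[0] if mem else ""
        # Memory may be "1843 MiB", "1843" (nounits) or "[N/A]".
        mem_mib = int(first) if first.isdigit() else None
        rows.append({"pid": int(pid), "name": name, "mem_mib": mem_mib})
    return rows


def unexpected_compute_apps(text, allowed):
    """Processes with a GPU compute context whose binary is not allowlisted."""
    return [row for row in parse_compute_apps(text) if row["name"] not in allowed]


if __name__ == "__main__":
    for row in unexpected_compute_apps(SAMPLE_OUTPUT, ALLOWED_COMPUTE_BINARIES):
        mem = "unknown" if row["mem_mib"] is None else f'{row["mem_mib"]} MiB'
        print(f'unexpected GPU compute user: pid={row["pid"]} {row["name"]} ({mem})')
```

A row whose memory is reported as `[N/A]` is still flagged, since the presence of a compute context is the signal here and not the amount of memory in use.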
The Linux rootkit doesn't "run on GPUs". ... you can store data in RAM.
It allocates a buffer on the GPU and then stores strings in that buffer.
So they've demonstrated that
Whoop-dee-fucking-doo.
There are lots of OSs in your computer that are hacked already. The wireless keyboard software or the wifi modem, or the ethernet card software running there. Even on an Apple HDMI *CABLE*, there was an ARM chip (doing recoding) that happens to be upgradeable, i.e. hackable by malware. The vendors leave the OS flashable since it might need a bug fix later, but in doing so they leave it exposed to malware.
Apple's HDMI cable is an ARM chip that can be 'upgraded':
http://www.theverge.com/2013/3/1/4055758/why-does-apples-lightning-to-hdmi-adapter-have-an-arm-computer-inside
Phone SIM Card OS hacked, yes the sim card even has an OS:
http://www.extremetech.com/computing/161870-the-humble-sim-card-has-finally-been-hacked-billions-of-phones-at-risk-of-data-theft-premium-rate-scams
The modem in the OS hacked:
http://www.extremetech.com/computing/170874-the-secret-second-operating-system-that-could-make-every-mobile-phone-insecure
1) It's misleading. The code is not executing on the GPU, it's just stored there.
2) It's obvious. If you're just storing code as data, it doesn't matter what OS you use to do that.
3) It's blatant pandering to media. Two stories (at least) on this, no extra content besides the bleeding obvious.
4) It's a symptom of stupidity. If your only safety comes from being able to scan RAM or storage devices and find a "signature" amongst them of a known virus, you're an idiot. It's a stupid, pointless waste of time and computing resources. That there's an area of RAM available that DOESN'T have live protection built into existing antivirus is not shocking at all. Hell, you could store string stuff in the TPM chip, or in the HPA of a hard drive, or in an onboard EEPROM or anywhere else that antivirus can't scan. They'll be unable to "certify" it as safe (as if they could anyway!) and will have to rely on somehow spotting the loader program before execution no matter what variant of it is used, or how the actual data payload is encrypted. (Hint: They can't. Antivirus is exclusively "after the horse has bolted" security.)
5) Really, Slashdot?
except that with big vendors like Nvidia, there is no memory protection (no good IOMMU support yet).
So then why not demonstrate that instead of "look mommy, I can store data in a buffer I own"?
Currently any shader running on the GPU can peek from any location it wants to.
Go ahead, try it. Hint: it won't work.
Nvidia and AMD need to properly implement support for IOMMU & the MMU inside the GPU itself.
They did. About 8 years ago.