GPU Malware Can Also Affect Windows PCs, Possibly Macs

itwbennett writes: A team of anonymous developers who recently created a Linux rootkit that runs on graphics cards has released a new proof-of-concept malware program that does the same on Windows. A Mac OS X implementation is also in the works. The problem the developers are trying to highlight lies not with the operating systems, such as Windows or Linux, nor with the GPU (graphics processor unit) vendors, but rather with existing security tools, which aren't designed to scan the random access memory used by GPUs for malware code.

Re:using the OpenCL APIs is *noisy*

[gstoddart]

Honestly, it's an attack vector.

Assuming that a particular attack vector couldn't ever happen sounds rather shortsighted.

What's more likely ... this takes more work, but people will do it because of the same reasons they always write malware? Or that they'll just throw up their hands?

Because if there's money to be made, or fun to be had ... why the hell wouldn't they exploit anything they can?

...with no memory protection.

[DrYak]

except that with big vendors like Nvidia, there is no memory protection (no good IOMMU support yet).

So they've demonstrated that ... you can store data in RAM.
Whoop-dee-fucking-doo.

Except that, due to the above, that *RAM* happens to be accessible to anyone who might give a try.

CPU:
Imagine you have a software in which you are editing your *super secret* document.
Imagine that there's a different software running in user space.
That software can't access your document - there's a MMU on the CPU enforcing memory protection. A piece of software can't reach out to a memory block it doesn't have explicit access granted.

GPU:
Now imagine that the editor displays your document on the screen. It goes through the compositor onto a buffer on the graphic card (either GPU RAM, or RAM accessed by the GPU), before finally getting assembled for displaying on the screen (that's a normal behaviour).
Now imagine you're also running a 3D game on the same computer. That game uses OpenCL to compute its physics. ...but...
one of the shader run on the GPU is actually a trojan: instead of reading from some buffer used for the physics computation, it reads using a pointer to the location of CPU RAM where the display buffer of the first program is.
It shouldn't be allowed to do so, but it does anyway. (e.g.: Nvidia's proprietary drivers) The request goes through and the game can siphon the output of the super secret editor. There's is (currently) nothing to enforce such memory protection and prevent one GPU shader to peek into buffers from another applications. Currently any shader running on the GPU can peek from any location it wants to.

Nvidia and AMD need to properly implement support for IOMMU & the MMU inside the GPU itself.

No its an OS

No not at all. These are not dedicated devices, they're typically a stock processor, with an OS core that can load and update some software parts and those software parts do the function. In the case of the Sim card is a java machine used to provide services from the phone company to the phone.

If you call it firmware does it make it better?

These devices are programmable, have CPU and can be late programmed to change that firmware, in other words hacked to take over a computer.
GPU for example has DMA access to the main processor memory giving it free range over a lot of the system.

The update was how the NSA hacked the hard drivers, simply using the update facility to add their own software.
That was how they hacked Dell Server BIOSs, intercepting the BIOS update and sending their own updates instead.
For the modem they piggybacked their own software in the modem code.
For the sim card it was an update sent from network to the provided services.