Security

Malware Running On Graphics Cards

An anonymous reader writes "Given the great potential of general-purpose computing on graphics processors, it is only natural to expect that malware authors will attempt to tap the powerful features of modern GPUs to their benefit. In this paper, the authors demonstrate the feasibility of implementing a malware that can utilize the GPU (PDF) to evade virus scanning applications. Moreover, the authors discuss the potential of more sophisticated attacks, like accessing the screen pixels periodically to harvest private data displayed on the user screen, or to trick the user by displaying false, benign-looking information when visiting rogue web sites (e.g., overwriting suspicious URLs with benign-looking ones in the browser's address bar)."

  • by TheRaven64 ( 641858 ) on Monday September 27, 2010 @01:27PM (#33713878) Journal
    DMA is not a problem. It goes via the GART (and has since the AGP days), so the GPU can only see the bits of memory that it is explicitly shown. A bigger problem is that separate processes may not be isolated from each other on the GPU, so your WebGL program and your window server may be running in the same virtual address space on the GPU. Your WebGL program is then free to read or write any window's contents, as long as it can find the correct virtual address for the buffers.
  • by TheRaven64 ( 641858 ) on Monday September 27, 2010 @01:33PM (#33713940) Journal

    No, you're thinking at the wrong level. The problem is that every application that gets an OpenGL context can upload programs to the GPU and run them. Fine in theory, and a modern GPU has the ability to isolate different contexts' memory from each other, but the drivers don't always use it (and don't always use it correctly when they do). If you're using an nVidia or ATi blob driver, then you have the same code controlling the GPU as a Windows user, so if the vulnerability is on Windows it will also be on Linux.

    The latest versions of Nouveau do provide some support for giving different contexts different virtual address spaces, but this support may not always be used correctly. I've no idea about ATi / AMD drivers.

    If you don't have on-GPU memory protection properly configured, then any GLSL, OpenCL, CUDA, HLSL, or whatever, program can access any of the GPU's memory. This means that anything in VRAM, including the contents of every on-screen window (and even some off-screen ones if you're on a system like OS X, X11 with a compositing manager, or Windows with Aero) is available to the malware.

  • by faragon ( 789704 ) on Monday September 27, 2010 @03:34PM (#33715444) Homepage
    A big problem in 1994 was the poor quality of DRAM used in graphics cards and/or tight DRAM timings (many SVGA cards had overclocked DRAM, especially the ones running in VESA Local Bus 32-bit bus for i80486 CPUs).
