A group of security researchers, who have chosen not to reveal their names yet, have launched a proof of concept that shows just how easy it is to run Malware on a GPU using the memory and I/O space that the GPU owns. By doing this they have found a way to bypass most malware detection applications simply because they are not able to scan the memory on a GPU. You can execute all kinds of malicious code in a GPUs memory and never be noticed.
Right now proof of concept exists for Linux, Windows and OSX is on the way. The caveat is that this requires an OpenCL capable GPU… oh wait. For the last few years OpenCL has been able to function on just about every GPU on the market including Intel’s IGPs. This means that the majority of the market is vulnerable to this malware simply because of the pervasiveness of OpenCL capable GPUs.
As we mentioned there are currently no security applications that scan the memory used by GPUs so this leaves many open to this type of attack. It is not exactly what you want to hear about as more and more operating systems and applications ramp up to use OpenCL or Cuds to help improve performance, but it is something that the industry should have been looking into from the beginning when GPUs were first used in this manner. The event illustrates very clearly how often the industry fails to account for security as they design and implement new products and it is frightening that with the number of breaches growing each year they are still doing it.