Sunday 25 September 2022

Nothing like GPU accelerated malware to brighten your day


The idea of GPU accelerated applications is one that has caught the attention of many developers over the years since we first heard about it. It is a great advancement in technology that allows you to use the parallel processing and faster memory of a GPU to perform complex tasks much faster than most CPUs can. This is great for software that needs that extra boost like AI, video or photo editing and… malware. Yes, it is also possible to develop malware that uses OpenCL and CUDA (NVIDIA’s flavor of GPU programming language).

A group of security researchers, who have chosen not to reveal their names yet, have launched a proof of concept that shows just how easy it is to run malware on a GPU using the memory and I/O space that the GPU owns. By doing this they have found a way to bypass most malware detection applications, simply because those applications are not able to scan the memory on a GPU. You can execute all kinds of malicious code in a GPU’s memory and never be noticed.

Right now a proof of concept exists for Linux and Windows, and OSX is on the way. The caveat is that this requires an OpenCL capable GPU… oh wait. For the last few years OpenCL has been able to function on just about every GPU on the market, including Intel’s IGPs. This means that the majority of the market is vulnerable to this malware simply because of the pervasiveness of OpenCL capable GPUs.

As we mentioned, there are currently no security applications that scan the memory used by GPUs, so this leaves many open to this type of attack. It is not exactly what you want to hear as more and more operating systems and applications ramp up to use OpenCL or CUDA to help improve performance, but it is something that the industry should have been looking into from the beginning, when GPUs were first used in this manner. The event illustrates very clearly how often the industry fails to account for security as it designs and implements new products, and it is frightening that, with the number of breaches growing each year, it is still doing so.
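Since scanners cannot see into GPU memory, one host-side check on Linux is to list which processes have loaded a GPU compute runtime at all and compare them with what is expected on the machine. The Python below is an added example, not code from the article or the researchers; it assumes a process using OpenCL or CUDA maps the runtime library or a GPU device node, and the patterns, allowlist and sample process data are constructed for illustration.

```python
import os
import re

# Assumed indicators (not from the article): common GPU compute runtime
# libraries and device nodes that show up in a Linux process's memory map.
GPU_PATTERNS = re.compile(
    r"(libOpenCL\.so|libcuda\.so|libnvidia-opencl\.so|libamdocl|"
    r"/dev/nvidia|/dev/dri/renderD|/dev/kfd)"
)

def gpu_mappings(maps_text):
    """Return the sorted GPU-related paths found in /proc/<pid>/maps text."""
    hits = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)      # addr perms offset dev inode [path]
        if len(fields) == 6 and GPU_PATTERNS.search(fields[5]):
            hits.add(fields[5].strip())
    return sorted(hits)

def triage(processes, allowlist):
    """processes: {pid: (comm, maps_text)}. Report GPU users not allowlisted."""
    report = []
    for pid, (comm, maps_text) in sorted(processes.items()):
        hits = gpu_mappings(maps_text)
        if hits and comm not in allowlist:
            report.append((pid, comm, hits))
    return report

def live_processes():
    """Read comm and maps for every readable PID on a Linux host."""
    procs = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as c, open(f"/proc/{pid}/maps") as m:
                procs[int(pid)] = (c.read().strip(), m.read())
        except OSError:                   # process exited or permission denied
            continue
    return procs

# Constructed sample data: an expected GPU user, an unexpected one, a non-user.
LIBC = "7f00a0000000-7f00a01c0000 r-xp 00000000 08:01 2001 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
OCL = "7f00b0000000-7f00b0021000 r-xp 00000000 08:01 2002 /usr/lib/x86_64-linux-gnu/libOpenCL.so.1.0.0\n"
SAMPLE = {
    812: ("blender", LIBC + OCL),
    4242: ("updater-helper", LIBC + OCL
           + "7f00c0000000-7f00c0100000 rw-s 00000000 00:06 540 /dev/dri/renderD128\n"),
    977: ("sshd", LIBC + "7ffd10000000-7ffd10021000 rw-p 00000000 00:00 0\n"),
}
```

Calling `triage(live_processes(), allowlist)` runs the same check against a live host. The `comm` name is set by the process itself, so a production allowlist should key on the executable path or hash rather than the name.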
