Tuesday, 15 December 2015 10:53

Open Access to the GPU. Is this an open invitation to Malware?

Written by

Reading time is around minutes.

The average GPU is a pretty powerful computational device. The highly parallel design and efficient memory structure means that you can execute operations at a rate that puts most CPUs to shame. With the advent of Cuda and OpenCL the door was opened for developers to push workloads to the GPU and get back some pretty nice returns. Microsoft and many others joined in and began making access to the GPU simpler starting with DirectX 10.

As DirectX continued to evolve so did the direct compute API. Now with DX12 we have an incredible level of access into the GPU as a computational option. AMD has been a big advent of this especially since their APUs do not have the CPU power to match up to Intel’s (by the same token Intel’s GPUs are no match for AMD). AMD has embraced the OpenCL side of the game with Mantle and a few other APIs. This is on top of DX12. Now they are pushing a new level of access called GPUOpen.

GPUOpen is a collection of open source tools available from AMD’s Radeon Technologies Group that is intended to allow game developers to enhance the level of performance they can get from AMD GPUs. This, on the surface is a good thing. After all allowing for graphical optimizations is never a bad thing. Gaming drives a very big market so helping out here is a good idea for AMD. If they can get enough people to get onboard and willing to share ideas and information they could have a new weapon to fight NVIDIA in the GPU market.

Here is the rub though. By opening up the GPU to more applications, code etc. we are also opening up a new and hidden area for malware to run. Even the basic tools from DX11 and 12 are helping to create this new vector. There have been a couple of POC (Proof of Concept) malware that can run entirely in the GPU memory space. We also have heard rumors of one that might be in the wild aimed at POS stations. This type of hidden, accelerated execution space is very concerning. Right now there are no malware protection applications that can scan workloads running in the GPU space. If the malware payload can be inserted through the GPU driver or a trusted process then it would have almost unlimited room to move around and do what it wants.

This is not a farfetched idea. We have heard it tossed around in certain shadowy places on the internet. Most of the conversations were around using the GPU for malvertising, but the fact that this is already being talked about is quiet concerning. The response from the malware side of the security conversation has no response as of yet. Most of the companies we talked to thought the idea was outlandish and did not see the need to think about it. When we reminded them of the charging and Bluetooth keyboard malware they had nothing to say and declined comment.

At this point in time opening up the GPU for more cade execution is on the same level as the IoT glut. It sounds like a great idea, but without the proper security in place it is going to end up being something really bad.

Read 2995 times Last modified on Tuesday, 15 December 2015 10:55

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.