15-09-2021 | | By Robin Mitchell
Reports are coming in that hidden malicious code can be executed on GPUs. Why are GPUs a particular problem for security? What did the recent reports say about GPS security, and is this a classic example of how Hardware security will become imperative in future Electronics.
Since the development of the first computers, GPUs have always existed in some shape or form, whether it be a simple video processor or a full-fledged vector graphics controller. As computer performance has increased, so has the ability of GPUs. What used to be a simple video interface has now become a dedicated co-processor capable of performing many millions of complex operations per second.
GPUs have found themselves useful in several Niche applications, including AI, machine learning, and cryptographic functions. In fact, the world is currently seeing a shortage of GPUs due to increasing cryptocurrency prices and the fact that GPUs can be used to mine these currencies with great efficiency.
However, the ability for GPUs to do more than just graphical tasks is seeing them being targeted by cybercriminals. Whether it's to break encryption or mine cryptocurrency at the expense of the hardware owner. Furthermore, the ability for GPUs to execute code leaves them vulnerable to the execution of malicious code that is physically separated from the CPU.
Recent reports have suggested that a hacker has sold malware techniques to a group of threat actors, allowing malicious code to be executed on a GPU. What makes this particularly worrying for Security Experts is that it stops the code held in GPU RAM, meaning that it is outside the CPU Ram space.
It may be impossible for antivirus to scan this area of RAM bad boy allowing cybercriminals to hide malicious code. Furthermore, the code held in GPU RAM is executed by the GPU and not the CPU, meaning that it would bypass Hardware security found in the CPU.
However, it has been said that this vulnerability only affects Windows machines that support OpenCL 2.0, and the technique has been demonstrated to work on Intel AMD and Nvidia GPUs (but this may not work on all GPUs). Of course, this isn't the first time now where has targeted GPUs. Jellyfish is an example of malware that can run in GPUs RAM space on Linux systems and avoid detection by anti-malware services.
From an engineering point of view, it is intriguing to see how even the most basic peripherals in a computer can now execute code on their own, which leaves us with the question of whether such devices should be allowed to exist.
While it is understandable that GPUs need to have such computational ability to perform complex tasks such as 3D rendering and shaders, the ability to execute arbitrary code with no Hardware security while having full access to computer hardware is an extremely dangerous scenario.
Even if such an attack requires direct access to the GPU (i.e. By flashing the firmware), it still presents serious security threats to any consumer who purchases that GPU from a third party. Considering how GPUs can be used to break encryption and mine cryptocurrency, this added threat of malicious code execution may require future GPUs to integrate Hardware security.