Is Malware Coming Soon to Our Graphics Cards?

Like ourselves, our computers have long been able to contract “viruses” and other forms of disgusting malware that can at times render them inoperable. There are of course some major differences between viruses that we as humans can contract and viruses that our computers can, and one of the main ones is that the latter can be crafted by some mischievous humans rather easily.

It feels a bit odd to say, but it seems to me that as huge as malware is today, it doesn’t seem to be quite as prevalent as it has been in year’s past. Some of this might stem from the fact that I don’t visit the shadiest of websites and that I am careful about what I do on my PC, but when I think back to viruses such as the Blaster, which could hit Windows XP installs even immediately after an install, I just don’t quite see the same thing today.

The fact of the matter is, though, that viruses are still a major part of life, and there’s a good reason that companies such as Symantec and F-Secure still have a lot of business. Heck, any reassurance of this fact could be had simply by taking a look at the Intel’s acquisition of McAfee. It couldn’t be more clear that viruses and malware are here to stay. But, is there a chance it could get even worse?

In a paper written by researchers at both Columbia University here in the US and the Foundation for Research & Technology in Greece, that does seem to be a real possibility, and we have our graphics cards to thank. If you’re a regular reader of the site, you’re likely well aware that when situations are right, our graphics cards can take over our CPU’s work and produce some jaw-dropping performance gains. This is so much the case, that not only have some media encoders and image manipulators gone to the GPU, but even things like password crackers.

The usage of GPU password crackers could in itself be considered a bad thing, but unlike malware, they can serve a legitimate purpose. But with the sheer power of our GPUs at some malware writer’s disposal, just what kind of havoc can be wreaked? Well, lots, really. Most scary to me is the fact that since the GPU could be tapped into, raw pixels could be extracted from the currently-displayed image on the screen. That of course has serious security risks, given that these pixels could contain your personal information.

If you’re interested enough to dig deep and read through the paper, it’s well worth it. You can right-click this URL to download, as it’s only available in PDF format. The big question I have is whether or not the same companies that are devoted to protecting our PCs are taking the possibility of GPU exploitation into consideration. You’d imagine so, and given the sheer possibilities presented by running malware on a GPU, we can hope that such solutions will arrive sooner than later.

An attacker can easily include multiple versions of the GPU-specific code in the same executable to keep the malware functional across different GPU architectures. In fact, supporting just the two major vendors would allow for almost complete coverage. The wide adoption of OpenCL [10], a cross-platform GPGPU framework that aims to unify vendor-specific APIs into a single one, will obviate the need for embedding different versions of the same code.