Abstract
Mobile phones are the most intimate computing devices of our time. We use them for private and business purposes. At the same time lax update habits of manufacturers make them accumulate disclosed vulnerabilities. That is why smartphones have become very attractive targets for attackers. Until today Graphics Processing Units (GPU) were not considered an interesting mean of payload delivery in mobile devices. However, in this paper, we present how the Direct Memory Access (DMA) capabilities of a mobile GPU can be abused for a privilege escalation attack. We describe a successful and real-world GPU-based attack, discuss problems that the GPU’s different programming model poses, and techniques that lead to a successful attack. We also show a proof-of-concept exploit against a very popular smartphone line. We conclude that DMA-based malware is a serious threat to mobile devices.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The visible part of a scene.
- 2.
Varyings carry meta-information from the geometry phase to the fragment phase of the GPP, and are subject to interpolation in the rasterization phase.
- 3.
Texture pixel.
- 4.
The Mali MP 400 GPU has one geometry processor (GP) and up to four pixel presenters (PP). Each of these processing cores has its own MMU.
- 5.
The OEM was informed about our findings and fixed the bug.
- 6.
References
Boileau, A.: Hit by a bus: physical access attacks with firewire. Ruxcon (2006)
Breuk, R., Spruyt, A.: Integrating DMA attacks in exploitation frameworks (2012). http://staff.science.uva.nl/delaat/rp/2011-2012/p14/report.pdf
Carlson, J.: GPUs for mobile malware mitigation and more. Recon (2012)
Carrier, B.D., Grand, J.: A hardware-based memory acquisition procedure for digital investigations. Digit. Investig. 1(1), 50–60 (2004). http://dx.doi.org/10.1016/j.diin.2003.12.001
Dornseif, M.: 0wn3d by an iPod: Firewire/1394 issues. In: PacSec (2004)
Giesen, F.: A trip through the graphics pipeline (2011). http://fgiesen.wordpress.com/2011/07/09/a-trip-through-the-graphics-pipeline-2011-index/, blog: The ryg blog
Ladakis, E., Koromilas, L., Vasiliadis, G., Polychonakis, M., Ioannidis, S.: You can type, but you can’t hide: a stealthy GPU-based keylogger. In: Proceedings of the European Workshop on System Security (EuroSec) (2013)
Lineberry, A.: Malicious code injection via /dev/mem. In: Proceedings of Blackhat Europe (2009)
Luebke, D., Humphreys, G.: How GPUs work. Computer 40(2), 126–130 (2007)
Maartmann-Moe, C.: Ftwautopwn. http://www.breaknenter.org/projects/ftwautopwn/, source code
McAllister, K.: Writing kernel exploits (2012). http://ugcs.net/keegan/talks/kernel-exploit/talk.pdf
Munshi, A., Ginsburg, D., Shreiner, D.: OpenGL(R) ES 2.0 Programming Guide, 1st edn. Addison-Wesley Professional, Reading (2008)
Piegdon, D.R.: Hacking in physically addressable memory - a proof of concept. In: Seminar of Advanced Exploitation Techniques (2006)
Sevinsky, R.: Funderbolt. adventures in thunderbolt dma attacks (2013). https://media.blackhat.com/us-13/US-13-Sevinsky-Funderbolt-Adventures-in-Thunderbolt-DMA-Attacks-Slides.pdf
Stewin, P., Bystrov, I.: Understanding DMA malware. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 21–41. Springer, Heidelberg (2013)
Vasiliadis, G., Polychronakis, M., Ioannidis, S.: GPU-assisted malware. In: Proceedings of the 5th International Conference on Malicious and Unwanted Software (MALWARE) (2010)
Acknowledgements
We would like to thank Luc Verhagen and his team for their work on the open source Mali GPU driver. We would also like to acknowledge the contribution of Christian Ludwig in the discovery of the bug presented in this paper. This research was partially funded by the BMWF grant 01IS12032.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Danisevskis, J., Piekarska, M., Seifert, JP. (2014). Dark Side of the Shader: Mobile GPU-Aided Malware Delivery. In: Lee, HS., Han, DG. (eds) Information Security and Cryptology -- ICISC 2013. ICISC 2013. Lecture Notes in Computer Science(), vol 8565. Springer, Cham. https://doi.org/10.1007/978-3-319-12160-4_29
Download citation
DOI: https://doi.org/10.1007/978-3-319-12160-4_29
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12159-8
Online ISBN: 978-3-319-12160-4
eBook Packages: Computer ScienceComputer Science (R0)