GPU Security Hole – SSD Data problems – Snooper’s Charter Fail

Security News

ssddlsj

SSDs (Solid State Drives) data retention fades over time unlike spinning mechanical disks.

and

The curious case of Graphics Cards (GPUs) being infected with a virus and Key Logger.

I listen to a lot of podcasts and filter out the things that are ‘chewing gum’, but now and again my ears prick up and I think… Wow!

SSD Shelf Life

Many people take their SSDs out and replace them to archive it’s contents. It is now suggested that if you wish to archive you should only use Spinning Drives (not SSD’s) as they can fail without power over time. They are temperature dependent and last longer ‘unplugged’ if kept cold’. But it is clear that SSDs are best running Operating Systems (OS) that are regularly used. Than storing data for future use. It is probably better to buy large Green Drives with a slower spin rate 5400 2TB, and store on them, especially if you plan on not using them for a year or two for a backup.

Here is some data

ssdchart

So if you have SSDs make sure you have them plugged in – for now at least as they slowly lose their charge over time if not powered.

 

Snooper’s Charter? Why Backdoors and snooping is going to increase the difficulty of surveillance.

http://www.independent.co.uk/life-style/gadgets-and-tech/news/snoopers-charter-set-to-return-to-law-as-theresa-may-suggests-conservative-majority-could-lead-to-huge-increase-in-surveillance-powers-10235578.html

There are a few stories running around, like the the UK government assuming they can have a Snooper’s Charter, when end-to-end-encryption is so easy to achieve these days even by those with limited technical ability, and that a large percentage of traffic comes in from the USA on the net, and only this week their highest court has voted against the NSA snooping. So where does that leave re-elected UK Prime Minister Mr Cameron? At the moment, the UK Gov can snoop (and does using terorrism as their reasons which most would agree is legitimate to protect citizens), and I would leave it at that. What may well happen as a result of increased state snooping, and the public now becoming increasingly aware of it through news stories and the net, will lead to public also upping their game, and the state being unable to read the majority of traffic moving around the net, as more and more citizens will encrypt believing they are being watched (even if they are not), this same logic now applies to CCTV where young people often wear hoodies/baseball caps and face scarfs even if they are behaving perfectly legally. So the CCTV operators still struggle to know who they are, when a local beat police officer 10 years before this was installed knew everyone’s face and had a relationship with the community. The secret is to know when to draw the line, and it is clear people will find encrypted end-to-end methods, or use systems and VPN (Virtual Private Networks) outside the UK to communicate. The parochial logic of little Britain being able to control this when the whole world is moving data is questionable. Especially when only last week one of the world’s leading encryption experts told the US Gov that there is no way they can backdoor encrypted software without opening it all up to criminals. A door created in anything is an open to anyone who knows where the door is, and can walk straight through it. It is quite ‘simple’ really.

I would recommend anyone interested in this to read this article. And why backdoors are a bad idea!

Why Backdoors are a bad idea

Here is the summary of Jonathan Mayer (Computer Scientist and Lawyer at Stanford USA)
He states:

The frustration felt by law enforcement and intelligence officials is palpable and understandable. Electronic surveillance has revolutionized both fields, and it plays a legitimate role in both investigating crimes and protecting national security. The possibility of losing critical evidence, even if rare, should be cause for reflection. Cryptographic backdoors are, however, not a solution. Beyond the myriad other objections, they pose too much of a cost-benefit asymmetry. In order to make secure apps just slightly more difficult for criminals to obtain, and just slightly less worthwhile for developers, the government would have to go to extraordinary lengths. In an arms race between cryptographic backdoors and secure apps, the United States would inevitably lose. (http://webpolicy.org/2015/04/28/you-cant-backdoor-a-platform/)

Then this week we have this:

Top federal court strikes down NSA bulk phone surveillance program! — Illegal.
http://rare.us/story/top-federal-court-strikes-down-nsa-phone-surveillance-program/
http://www.tgdaily.com/mobile/132351-court-rules-nsa-bulk-phone-snooping-illegal
● Last Thursday, United States Court of Appeals for the Second Circuit in New York ruled
that the NSA’s snooping program that collects Americans’ phone records in bulk is
illegal.

Priminister of the David Cameron perhaps should slow down a little before he cannot read anything!

 

GPU Keyloggers

Steven Gibson of GRC explains that “Jellyfish” GPU-infected Malware, proof-of-concept
● GPU-based rootkit and keylogger offer superior stealth and computing power
http://arstechnica.com/security/2015/05/gpu-based-rootkit-and-keylogger-offersuperior-
stealth-and-computing-power/
● New Linux rootkit leverages graphics cards for stealth
http://www.pcworld.com/article/2920612/new-linux-rootkit-leverages-gpus-for-st
ealth.html
https://github.com/x0r1/jellyfish
● Github: Jellyfish is a Linux based userland gpu rootkit proof of concept project utilizing
the LD_PRELOAD technique from Jynx (CPU), as well as the OpenCL API developed by
Khronos group (GPU). Code currently supports AMD and NVIDIA graphics cards.
However, the AMDAPPSDK does support Intel as well.

In a nutshell when you type your keystrokes are temporarily buffered between you and the target program. And Because GPU (Graphics Cards) have the highest level of access to your system (obviously) and are now computers within themselves (as is shown in coin mining), and have their own operating systems/drivers, malicious code is now being proved to be housed within GPUs that bypass the usual security on computers.

Some advantages of gpu stored memory:

  • No gpu malware analysis tools available on web
  • Can snoop on cpu host memory via DMA
  • Gpu can be used for fast/swift mathematical calculations like xor’ing or parsing
  • Stub/signature generation
  • Malicious memory may be retained across warm reboots. (Did more conductive research on the theory of malicious memory still being in gpu after shutdown).

It is now suggested that this is a very very serious issue! It also means that there may well need to be updatable anti-spyware programs that purely focus of protecting your GPUs from now on. Hopefully manufacturers of GPUs are looking closely at this and will offer patches and protections as we move forward, but for now this is very worrying!

As how do you know?

 

 


Posted

in

,

by