
A Stealthy GPU-Based Keylogger (2013) [pdf] - LaSombra
http://www.cs.columbia.edu/~mikepo/papers/gpukeylogger.eurosec13.pdf
======
zubirus
> As described in Section 3, our prototype uses a loadable kernel module to
> [allow the GPU to monitor the keyboard buffer]. We should note that this
> choice was made only for convenience, and the same stealthy approaches that
> are typically used for the installation of kernel-level rootkits can be
> employed, e.g., by exploiting a vulnerability and injecting malicious code
> directly into the kernel.

I'm not a security expert, so could the binary kernel module for the NVIDIA
driver be exploited for this effect?

~~~
bebna
That is probably not what they meant, but if you are able to exploit the blob
of the nvidia driver, then yes.

But if you are already able to load a module into the kernel, then you already
have root-level access and other, easier, options are open for you.

Because modules can be easily listed and therefore monitored, a change of the
modules could trigger an alarm to the admin. So it isn't really stealthy
either.

~~~
nitrogen
A malicious kernel module can remove itself from the output of lsmod.
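
Added example, not part of the thread or the paper: a cross-view check a defender can run for the case discussed in the two comments above, comparing the list `lsmod` reads (`/proc/modules`) with the loadable-module directories under `/sys/module`. The `initstate` heuristic for telling loadable modules from built-ins is an assumption about the Linux sysfs layout, and the sample tree and the name `hypothetical_hidden` are constructed.

```python
import os
import tempfile

def listed_modules(proc_modules_path):
    """Module names from a /proc/modules-format file (what lsmod displays)."""
    with open(proc_modules_path) as f:
        return {line.split()[0] for line in f if line.strip()}

def sysfs_loadable_modules(sys_module_dir):
    """Entries under /sys/module that carry an 'initstate' file.
    Assumption: built-in components also appear here but lack that file."""
    return {
        entry for entry in os.listdir(sys_module_dir)
        if os.path.isfile(os.path.join(sys_module_dir, entry, "initstate"))
    }

def unlisted_modules(proc_modules_path="/proc/modules",
                     sys_module_dir="/sys/module"):
    """Loadable modules visible in sysfs but absent from the lsmod view.
    A non-empty result deserves investigation; an empty one is not proof of
    a clean kernel, and a module loading mid-scan can cause a false hit."""
    return sorted(sysfs_loadable_modules(sys_module_dir)
                  - listed_modules(proc_modules_path))

def build_sample_tree(root):
    """Constructed sample: three loadable modules, one built-in, two listed."""
    sys_dir = os.path.join(root, "sys_module")
    for name, loadable in [("nvidia", True), ("ext4", True),
                           ("hypothetical_hidden", True), ("kernel", False)]:
        os.makedirs(os.path.join(sys_dir, name))
        if loadable:
            with open(os.path.join(sys_dir, name, "initstate"), "w") as f:
                f.write("live\n")
    proc = os.path.join(root, "proc_modules")
    with open(proc, "w") as f:
        f.write("nvidia 12345678 10 - Live 0x0000000000000000\n")
        f.write("ext4 987654 1 - Live 0x0000000000000000\n")
    return proc, sys_dir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        proc, sys_dir = build_sample_tree(tmp)
        print("sample tree:", unlisted_modules(proc, sys_dir))
    if os.path.isdir("/sys/module"):
        print("this host:", unlisted_modules())
```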

------
octatoan
Good lord, I love CS paper titles.

