GPU Security Exposed

Presented at Black Hat Europe 2016, Nov. 4, 2016, 3:30 p.m. (30 minutes)

GPUs are found in millions of devices, allowing for stunning imagery to be generated on phones, tablets, and televisions. However, if we take a deeper look at how GPUs are programmed, the overall picture becomes much more bleak. GPUs directly accessing CPU memory, sensitive images not being cleared from graphics memory, and thin graphic APIs wrapping vendor specific implementations paint a darker picture. Recently discovered privilege escalation and DoS vulnerabilities uncovered by NCC Group will be discussed. These vulnerabilities affect many popular devices.

Presenters:

• Justin Taft - Security Consultant, NCC Group
  Justin Taft is a Security Consultant at NCC Group, a global information assurance specialist providing organizations with expert security consulting services. Justin specializes in web application security, reverse engineering, and native programming. Recently, Justin Taft has been listed in Code Aurora's Hall of Fame due to a vulnerability disclosure. Prior to NCC Group, Justin Taft was a software engineer for five years, focusing on designing, writing, and testing enterprise software.

Links:

• https://www.blackhat.com/eu-16/briefings/schedule/#gpu-security-exposed-4630
• https://infocon.org/cons/Black Hat/Black Hat Europe/Black Hat Europe 2016/videos/GPU Security Exposed.mp4
• https://infocon.org/cons/Black Hat/Black Hat Europe/Black Hat Europe 2016/videos/GPU Security Exposed.eng.srt (subtitles)
• https://www.youtube.com/watch?v=NevdIWGUqvg