You Can Type, but You Can’t Hide: A Stealthy GPU-based Keylogger
Institute of Computer Science, Foundation for Research and Technology, Hellas, Greece
6th European Workshop on System Security (EuroSec), 2013
@article{ladakis2013you,
title={You Can Type, but You Can’t Hide: A Stealthy GPU-based Keylogger},
author={Ladakis, Evangelos and Koromilas, Lazaros and Vasiliadis, Giorgos and Polychronakis, Michalis and Ioannidis, Sotiris},
year={2013}
}
Keyloggers are a prominent class of malware that harvests sensitive data by recording any typed in information. Keylogger implementations strive to hide their presence using rootkit-like techniques to evade detection by antivirus and other system protections. In this paper, we present a new approach for implementing a stealthy keylogger: we explore the possibility of leveraging the graphics card as an alternative environment for hosting the operation of a keylogger. The key idea behind our approach is to monitor the system’s keyboard buffer directly from the GPU via DMA, without any hooks or modifications in the kernel’s code and data structures besides the page table. The evaluation of our prototype implementation shows that a GPU-based keylogger can effectively record all user keystrokes, store them in the memory space of the GPU, and even analyze the recorded data in-place, with negligible runtime overhead.
April 19, 2013 by hgpu