Graphics Card Drivers New Target For Cyber Attacks

It seems like nothing is safe from Internet attacks these days after a security consultancy warned that now graphics card drivers could be a new target for cyber hackers.

British security consultancy Context disclosed in an advisory Thursday that security issues in WebGL, a browser Web standard designed to bring 3D graphics to Web pages on the Internet could leave users susceptible to denial of service and other cyber attacks.

WebGL is on by default in Firefox 4 and the recently hackable Google Chrome, and can be turned on in the latest versions of Safari.

The security issues enable hackers to execute malicious code on users' computers via a Web browser, which allows attacks on the GPU and graphics drivers that could render the entire machine unusable.

"These issues are inherent to the WebGL specification and would require significant architectural changes in order to remediate in the platform design," security researcher James Forshaw wrote oin the Context advisory.

The problem occurs in the way that the WebGL is implemented, and the way current PC and Graphics Processor architectures are designed, Forshaw said.

Unlike other browser content, WebGL provides direct access to the graphics hardware, employing shader code that's uploaded then executed directly on the system. However, current hardware and graphics pipeline implementations are not designed to maintain security boundaries, experts say.

"Once a display list has been placed on the GPU by the schedule, it can be difficult to stop it, at least without causing obvious, system-wide visual corruption and instabilities," Forshaw wrote.

Subsequently, hackers could obtain access to the hardware drivers by crafting malicious code, and tricking a victim into installing it by opening a malicious Web page or clicking on infected content embedded on a legitimate site.

In addition, the WebGL API's direct access to the hardware also flings the door wide open for denial of service attacks. Unlike typical DoS attacks, in which the user's Web experience is blocked, the WebGL DoS exploit would crash the operating system or prevent users from being able to access their computer.

Windows 7 and Vista are less susceptible to attacks than XP due to the fact that their OS will be forced to reset if the GPU locks up for around two seconds, stopping all applications from using 3D graphics.

Next: Kronos Group Proposes Solution

In response to Context's advisory, the 3 to 5 Khronos Group, the open standards consortium that maintains WebGL specification, said it has developed a WebGL extension, called OpenGL, GL_ARB_robustness, "specifically designed to prevent denial of service and out-of-range memory access attacks from WebGL content."

Khronos Group says the extension has already been deployed by some GPU vendors, and predicts that it will rapidly gain adoption down the road. "Browsers can check for the presence of this extension before enabling WebGL content. This is likely to become the deployment mode for WebGL in the near future," Khronos Group said on its Web site.

However, Context said that the extension doesn't go far enough to address the issue, noting that resetting the graphics card and driver "should be seen as a crutch to OS stability" and not standard security mechanism.

Ultimately, Context said that WebGL wasn't ready for mass distribution, while recommending that users disable WebGL in their browsers.

"While there is certainly a demand for high-performance 3D content to be made available over the Web, the way in which WebGL has been specified insufficiently takes into account the infrastructure required to support it securely," according to the Context blog. 'Perhaps the best approach would be to design a specification for 3D graphics from the ground up with these issues in mind."