Crypto Miner Attack: GPU Remote Code Execution Attacks
The paper addresses a concrete security threat for AI/ML practitioners, highlighting an underexplored attack vector that can lead to significant financial and computational costs; its contribution is incremental, focusing on specific vulnerability classes (deserialization and custom layers) rather than a new paradigm.
This paper tackles the problem of Remote Code Execution (RCE) attacks on GPU-accelerated AI/ML systems, demonstrating an exploit that deploys a crypto miner on a GPU by leveraging deserialization vulnerabilities and custom layers like TensorFlow Lambda layers.
Remote Code Execution (RCE) exploits pose a significant threat to AI and ML systems, particularly in GPU-accelerated environments where the computational power of GPUs can be misused for malicious purposes. This paper focuses on RCE attacks that leverage deserialization vulnerabilities and custom layers, such as TensorFlow Lambda layers, which embed arbitrary Python callables in a saved model and run them when the model is loaded or executed; both are often overlooked because GPU workloads are hard to monitor. These vulnerabilities let an attacker execute arbitrary code that blends into expected model behavior and repurposes the GPU for unauthorized work such as cryptocurrency mining. Unlike traditional CPU-based attacks, the parallel processing nature of GPUs and their routinely high resource utilization make runtime detection exceptionally challenging: a miner's load is hard to distinguish from legitimate training or inference. In this work, we provide a comprehensive examination of RCE exploits targeting GPUs and demonstrate an attack that uses these vulnerabilities to deploy a crypto miner on a GPU. We describe the technical intricacies of such attacks, quantify their potential financial and computational costs, and propose mitigation strategies. By shedding light on this underexplored attack vector, we aim to raise awareness and encourage robust security measures in GPU-driven AI and ML systems, with an emphasis on static analysis and model-file scanning, which inspect the artifact before it is loaded and are far more tractable than detecting the exploit at runtime on the GPU.
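The static scanning the abstract recommends can be demonstrated end to end without any GPU or deep-learning framework. The following added example (not the paper's code) inspects the two artifact classes the paper names. Pickle is assumed here as the concrete deserialization format; the Lambda-layer JSON layout is modelled on Keras 2 (`function = [base64(marshal(code)), defaults, closure]`) and is an assumption, as are the allow-list and suspicious-name sets, which a practitioner would tune to their own models. Both the malicious pickle and the model config are constructed inline and are never loaded, only disassembled: `pickletools.genops` walks opcodes without unpickling, and `marshal.loads` rebuilds a code object without executing it.

```python
"""Static scan of saved-model artifacts for embedded code, without loading the model.

Added example, not the paper's code. Inputs are constructed in this file so it runs
offline: a pickle whose __reduce__ calls os.system, and a Keras-2-style JSON model
config (assumed layout) carrying marshalled Lambda-layer bytecode.
"""
import base64
import json
import marshal
import os
import pickle
import pickletools
import types

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8",
              "UNICODE", "STRING", "SHORT_BINSTRING", "BINSTRING"}
# Illustrative allow-list of modules a legitimate weights pickle may import (assumption).
ALLOWED_PICKLE_MODULES = {"builtins", "collections", "numpy", "numpy.core.multiarray",
                          "torch", "torch._utils", "_codecs"}
# Names or string constants whose presence in Lambda bytecode warrants review (assumption).
SUSPICIOUS_NAMES = {"__import__", "system", "Popen", "run", "call", "exec", "eval",
                    "compile", "socket", "urlopen", "os", "subprocess", "ctypes"}


def scan_pickle(data: bytes) -> list:
    """Return non-allow-listed (module, name) pairs that GLOBAL/STACK_GLOBAL would import.
    genops only disassembles the stream, so a malicious __reduce__ is never executed."""
    findings, strings = [], []           # recent string pushes are the STACK_GLOBAL operands
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
            continue
        if op.name == "GLOBAL":                                  # protocol <= 3: "module name"
            module, name = arg.split(" ", 1)
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:    # protocol >= 4
            module, name = strings[-2], strings[-1]
        else:
            continue
        if module not in ALLOWED_PICKLE_MODULES:
            findings.append((module, name))
    return findings


def _code_names(code: types.CodeType) -> set:
    """Names and string constants referenced by a code object and its nested code objects."""
    found = set(code.co_names)
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            found |= _code_names(const)
        elif isinstance(const, str):
            found.add(const)
    return found


def scan_keras_config(config_json: str) -> list:
    """Report every Lambda layer in a Keras model config. marshal.loads rebuilds the code
    object without running it; undecodable bytecode (interpreter mismatch, corruption)
    is still reported so it cannot slip past the scan."""
    reports = []

    def visit(node):
        if isinstance(node, dict):
            if node.get("class_name") == "Lambda":
                cfg = node.get("config", {})
                report = {"layer": cfg.get("name"), "suspicious": set(), "decodable": False}
                func = cfg.get("function")
                if isinstance(func, list) and func and isinstance(func[0], str):
                    try:
                        code = marshal.loads(base64.b64decode(func[0]))
                    except (ValueError, EOFError, TypeError):
                        code = None
                    if isinstance(code, types.CodeType):
                        report["decodable"] = True
                        report["suspicious"] = _code_names(code) & SUSPICIOUS_NAMES
                reports.append(report)
            for value in node.values():
                visit(value)
        elif isinstance(node, list):
            for item in node:
                visit(item)

    visit(json.loads(config_json))
    return reports


# --- constructed samples (never unpickled or loaded, only scanned) ---------------------
class _MinerDropper:
    def __reduce__(self):                # unpickling would call os.system(...)
        return (os.system, ("echo 'miner would launch here'",))


MALICIOUS_PICKLE = pickle.dumps(_MinerDropper(), protocol=4)
BENIGN_PICKLE = pickle.dumps({"weights": [0.1, 0.2], "epochs": 3}, protocol=4)


def _lambda_layer(name, fn):
    """Keras-2-style Lambda layer config (assumed layout)."""
    code_b64 = base64.b64encode(marshal.dumps(fn.__code__)).decode("ascii")
    return {"class_name": "Lambda", "config": {"name": name, "function_type": "lambda",
                                               "function": [code_b64, None, None]}}


SAMPLE_CONFIG = json.dumps({"class_name": "Sequential", "config": {"name": "clf", "layers": [
    {"class_name": "Dense", "config": {"name": "dense", "units": 16}},
    _lambda_layer("scale", lambda x: x * 0.5),                                   # benign
    _lambda_layer("preprocess",                                                   # miner
                  lambda x: (__import__("subprocess").Popen(["xmrig", "--cuda"]), x)[1]),
]}})

if __name__ == "__main__":
    print("pickle imports:", scan_pickle(MALICIOUS_PICKLE), scan_pickle(BENIGN_PICKLE))
    for r in scan_keras_config(SAMPLE_CONFIG):
        print("Lambda", r["layer"], "decodable:", r["decodable"], "suspicious:", sorted(r["suspicious"]))
```

Running it flags the pickle's `system` import (reported under the `posix` or `nt` module, which is how `os.system` is actually pickled) and the `preprocess` Lambda layer via `__import__`, `Popen` and the `subprocess` string constant, while the benign weights dict and the `scale` layer produce nothing. The point of the design is that neither artifact is ever deserialized: the checks that matter happen on the bytes, before any code path that could start a miner on the GPU.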