> As described in Section 3, our prototype uses a loadable kernel module to [allow the GPU to monitor the keyboard buffer]. We should note that this choice was made only for convenience, and the same stealthy approaches that are typically used for the installation of kernel-level rootkits can be employed, e.g.,by exploiting a vulnerability and injecting malicious code directly into the kernel.

I'm not a security expert, so could the binary kernel module for the NVIDIA driver be exploited for this effect?

That is probably not what their meant, but if you are able to exploit the blob of the nvidia driver, then yes.

But you are already able to load a module into the kernel, then you already have root level access and other, easier, options are open for you.

Because modules can be easily listed and therefor monitored, a change of the modules could trigger an alarm to the admin. So it isn't really stealthy either.

A malicious kernel module can remove itself from the output of lsmod.

Good lord, I love CS paper titles.