GPU Turned Into Radio Transmitter To Defeat Air-Gapped PC

Another week, another exploit against an air-gapped computer. And this time, the attack is particularly clever and pernicious: turning a GPU into a radio transmitter.

The first part of [Mikhail Davidov] and [Baron Oldenburg]’s article is a review of some of the basics of exploring the RF emissions of computers using software-defined radio (SDR) dongles. Most readers can safely skip ahead a bit to section 9, which gets into the process they used to sniff for potentially compromising RF leaks from an air-gapped test computer. After finding a few weak signals in the gigahertz range and dismissing them as attack vectors due to their limited penetration potential, they settled in on the GPU card, a Radeon Pro WX3100, and specifically on the power management features of its ATI chipset.

With a GPU benchmarking program running, they switched the graphics card shader clock between its two lowest power settings, which produced a strong signal on the SDR waterfall at 428 MHz. They were able to receive this signal up to 50 feet (15 meters) away, perhaps to the annoyance of nearby hams as this is plunk in the middle of the 70-cm band. This is theoretically enough to exfiltrate data, but at a painfully low bitrate. So they improved the exploit by forcing the CPU driver to vary the shader clock frequency in one megahertz steps, allowing them to implement higher throughput encoding schemes. You can hear the change in signal caused by different graphics being displayed in the video below; one doesn’t need much imagination to see how malware could leverage this to exfiltrate pretty much anything on the computer.

It’s a fascinating hack, and hats off to [Davidov] and [Oldenburg] for revealing this weakness. We’ll have to throw this on the pile with all the other side-channel attacks [Samy Kamkar] covered in his 2019 Supercon talk.

[via Tom’s Hardware]

31 thoughts on “GPU Turned Into Radio Transmitter To Defeat Air-Gapped PC

    1. I think the way they implemented it probably would not sure though, being an ‘air-gapped’ computer though quite probably it wouldn’t run any security software at all. And while the idea is new its relatively trivial to make this kind of buggering about avoid the triggers on security software. Once the idea idea is published its much harder as hopefully people keep the security software patched AND the software they use is keeping up with current threat vectors.

      Not sure with how many programs latch onto GPU’s and create load and dynamic power management situations it would be possible to really make this exploit work in the real world without your malware being the GPU driver… But then like most of these attacks it also comes down to just how fast you need to get data out – should you really need to send MB/s or even GB/s you will have to be forcing the gpu into broadcast state often. Where should a handful of MB a day be all you need just detect conditions that will create your signal and fire off a few bytes each time. Which would be really hard to notice even if knew to look for something – there is so much noise unless you are listening for the exact right signal modulation its going to be hard to see the wood for the trees.

    1. Agreed! TEMPEST focused heavily using shielding to prevent radio signals, whatever their source, from leaking into the airwaves.

      And those who note that this exploit requires physical access to the computer forget that there’s a way around that. Computers made in a country that hates practically every other country on the planet gives it the opportunity to build in various features that lie in wait, only becoming active when certain criteria are met. The very fact that a computer is air-gapped could be the trigger that activates this spyware.

  1. This is misleading. It allows exfiltration of data from an airgapped computer if it was already compromised. It won’t allow you to infiltrate it (compromise it) in the first place.

    1. A false sense of security from it not being networked could lead to a bit of sloppiness with regards to free USB drives found in the parking lot, or indy rap albums handed out on street corners. Or free input device “your name here” samples coming through the mail. Or cleaners or telephone techs having brief access, enough to load something, but not enough to index the disk or grep files for things of interest, or download the whole lot to a single floppy which takes like 10 seconds in the movies.

        1. Even if you do know not to do those things it doesn’t stop the machine from being compromised at install (linux/bsd etc might get lots of eyes on it but it can take years for bad code to get noticed still – and Windon’t and Apples walled gardens might be harder to sneak a new exploit into but are already full of nasty). Even possible to compromise long before installing by something embedded in a BIOS chip etc.

    2. It sounds like with some effort, you could likely decode what’s displayed on the screen for subsequent playback. It’s entirely possible that could allow exfiltration of data from an “uncompromised” computer.

      1. That would be almost impossible as signal propagation matters. They had to force the clock to a mode it wouldn’t usually be in while under high load to get a signal they could detect at meaningful range. Which is not to say it can’t be done. Much like NFC on payment cards – supposed to only be able to travel a tiny distance but with the right directional high gain antenna you can skim read NFC from far greater ranges.

  2. Not to quibble, but, the 70cm ham band runs from 430-440 Mhz in most countries. In the US, it runs from 420 to 450 Mhz, but the majority of ham activity in the US occurs in the 430-450 range. In CA and AU, it goes from 430-450 Mhz. 420-430 Mhz is also prohibited (by treaty between US and CA) north of line A and east of line C (which are close to but on the US side of) the borders along eastern AK and the northern US.

    It’s actually unlikely that a signal that could only be received 50 feet away and 2Mhz below most activity on the band would annoy very many Hams.

    1. Quote: It’s actually unlikely that a signal that could only be received 50 feet away and 2Mhz below most activity on the band would annoy very many Hams.

      I’d add that most computers generate so much radio noise throughout the spectrum that efforts to spot this low-powered signal might come up with nothing. It’d be written off as just more computer noise, particularly in an environment with dozens or even hundreds of computers nearby.

  3. Looks like that exploit from the Pine Gap Netflix mini-series, used to export classified data from a “secure” data extraction PC in a server room. Though in the episode, in the expected fictive fashion, the feed can be picked up from much farther away (like 200ft) and it can transfer files at a much higher speed.

    1. Though radio waves don’t just hit an invisible wall and fall to the ground at 50ft, it may just mean you need a bigger antenna. Even if it’s getting swamped by noise, if you know where it is, one can use additive active processing techniques from multiple antennas or arrays.

          1. Indeed, its not an antenna its just a new cladding made from recycled plastic?! (Somehow I doubt anybody in the spy game would find that plausible – but then how many engineers/physicists/HAMS/Builders do they have to notice the discrepencies? Maybe it would be an effective disguise afterall..)

  4. This involves a lot of planets to be in alignment so to speak to function properly but a neat PoC. If they want to snag my pics of cats sleeping in synthesizers then so be it lol.

  5. Depending on the speed of exfiltration needed, this could be used for much longer ranges than 50ft. It might be slow as hell but if you are trying to steal something simple like a private key then this is sufficient.

  6. Give me a break, this isn’t for nuclear codes. This is for civilian use. If there’s money to be made the never worked right’s will come out of their mouse holes with a relative drone. There’s nobody within a 50 ft range of nuclear codes. There’s somebody within 50 ft of a girl who’s nudes might trade for hacks or other favors. There’s the modern inventors that are broke that have like no chance of getting accredited due to stuff like this that would of been called crazy for questioning the sanctity of an air gabbed work computer. They release the info now so that they can say it got proliferated because they prolly felt they were going to get caught another way by word of mouth or humans properly communicating in other words. And if they got it working on a potato gpu you know they got it working at like 10 times the speed of transfer when they have a larger amount of clock cycles to fluctuate.

  7. The emission comment above reminded me of a presentation I recently watched where was noted that Windows systems basically are so noisy that jam abilities for a remote sensing method I didn’t realize was real. (watch to 45:58 at least)

    I’d like to see the spectral profiles now of all the operating systems, ideally on a range of hardware systems also. I’m sure some public entity has the data somewhere you’d thinking for FCC and other regulatory agencies EMC testing.

  8. Could this method be used to hack a personal computer network? My family member has had a major hack he can’t get rid of. I won’t hijack this thread with all he’s gone through. But this signal leak reference caught my attention. No one has been able to help him so far and it’s been 3 months non stop.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.