TY - GEN
T1 - GPU-FAN
T2 - 27th Nordic Conference on Secure IT Systems, NordSec 2022
AU - Guri, Mordechai
N1 - Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2022/1/1
Y1 - 2022/1/1
N2 - Modern computer networks are secured with a wide range of products, including firewalls, intrusion detection and prevention systems (IDS/IPS), and access control mechanisms. But despite the multiple layers of security, these measures can be bypassed by motivated attackers. To cope with this threat, an ‘air-gap’ is a network security measure that may be taken where highly sensitive information needs to be protected. In this approach, the internal network is isolated from the Internet, physically and logically, to create a physical boundary with the outer digital world. In this paper, we show that attackers can leak data from air-gapped networks via covert acoustic signals. Our method doesn’t require speakers on infected computers. Malware running on the computer can use the GPU (graphics processing unit) fans and evasively control its speed. While the slight changes in the RPM (rotation per minute) speed are not noticeable to users, they can be used to modulate and encode binary information. A nearby receiver, such as a compromised smartphone or a laptop, can receive the covert acoustic signals and demodulate and decode the binary information. We discuss the attack model on air-gapped networks and provide relevant technical background and the characteristics of the GPU fans. We also present the covert channel’s design, implementation, and evaluation. The results show that a brief amount of sensitive information can be leaked several meters away via covert noises generated from the GPU fans.
KW - Acoustic
KW - Air-gap
KW - Covert channel
KW - Exfiltration
KW - GPU
UR - http://www.scopus.com/inward/record.url?scp=85147855655&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-22295-5_11
DO - 10.1007/978-3-031-22295-5_11
M3 - Conference contribution
AN - SCOPUS:85147855655
SN - 9783031222948
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 194
EP - 211
BT - Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings
A2 - Reiser, Hans P.
A2 - Kyas, Marcel
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 30 November 2022 through 2 December 2022
ER -