Most people involved in IT or IT security will tell you the greatest threat is usually the people with local access to a machine. This story is not much different, but it is a proof of concept for an unusual method. Researchers, and would-be attackers, are constantly looking at different means of exploiting vulnerabilities. Sometimes these come about in new and ingenious ways. Sometimes it can be a reapplication of an older, oft-forgotten technique.
Researchers at Duo Security, a part of Cisco, have combined one such old technique with modern tech. As a proof of concept, they have shown how to get a workstation GPU to broadcast radio signals. Virtually all electronic equipment emits some kind of electromagnetic ‘noise’. For most equipment in the digital age, this is easily mitigated through insulated cables, software, or hardware implementations. It usually takes an extreme amount of traffic to garner attention from most users in either the work or home space. Exceptions to this are usually issues relating to Wi-Fi or cell bars. In the age of analog it was a much more pronounced issue, and a few people became aware of some interesting exploits.
Duo Security digs right in with a brief history lesson from the end of WWII. Technicians from Bell Labs reported on a fascinating incident. In turn, it led to the creation of a new acronym, TEMPEST. This stands for “Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions”. My first experience with this, and some other people may have also accidentally happened upon it, was fiddling with old analog antennas back in the day. With the right combination of fiddling and tweaking things, I stumbled upon a neighbor’s cable T.V. signal. My next experience was in a college IT security class where the professor provided a story about how a researcher was able to reproduce an image from an LCD display in one room from another using a material over a display. This story shares aspects of each of these experiences.
In the test, they used two computers. One was located fifty feet away, in another room separated by a wall, with a high-end USB radio receiver. The victim, a Dell Precision 3430 workstation, had a Radeon Pro WX 3100 graphics card. This system did not have wireless ability either. They essentially shifted between clock frequencies, which in turn caused power draw changes. If you’ve put a radio next to a microwave, T.V., hair dryer, or electric motor, you can witness a similar phenomenon. With a digital device, however, you can ‘dial in’ a much more precise occurrence. By shifting clock frequencies, they can create specific EM noise. Given the binary nature of digital signalling, it would not be difficult to build a system that broadcasts data this way.
No one should be getting too worried about this, or trying to lay blame on AMD or any other GPU manufacturer, just yet. It still has a long way to go before becoming much more than fodder for a 007 movie. An attacker would likely need to have local access to make the GPU perform the tasks it did in the test. The amount of info that could be transmitted using these methods would also be very limited. There are far more things to consider with side-channel attacks and other vulnerabilities. Most of those often require local access as well.