GPU-FAN: Leaking Sensitive Data from Air-Gapped Machines via Covert Noise from GPU Fans

Mordechai Guri

doi:https://doi.org/10.1007/978-3-031-22295-5_11

GPU-FAN: Leaking Sensitive Data from Air-Gapped Machines via Covert Noise from GPU Fans

Mordechai Guri

Department of Software and Information Systems Engineering

Ben-Gurion University of the Negev

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Modern computer networks are secured with a wide range of products, including firewalls, intrusion detection and prevention systems (IDS/IPS), and access control mechanisms. But despite the multiple layers of security, these measures can be bypassed by motivated attackers. To cope with this threat, an ‘air-gap’ is a network security measure that may be taken where highly sensitive information needs to be protected. In this approach, the internal network is isolated from the Internet, physically and logically, to create a physical boundary with the outer digital world. In this paper, we show that attackers can leak data from air-gapped networks via covert acoustic signals. Our method doesn’t require speakers on infected computers. Malware running on the computer can use the GPU (graphics processing unit) fans and evasively control its speed. While the slight changes in the RPM (rotation per minute) speed are not noticeable to users, they can be used to modulate and encode binary information. A nearby receiver, such as a compromised smartphone or a laptop, can receive the covert acoustic signals and demodulate and decode the binary information. We discuss the attack model on air-gapped networks and provide relevant technical background and the characteristics of the GPU fans. We also present the covert channel’s design, implementation, and evaluation. The results show that a brief amount of sensitive information can be leaked several meters away via covert noises generated from the GPU fans.

Original language	American English
Title of host publication	Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings
Editors	Hans P. Reiser, Marcel Kyas
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	194-211
Number of pages	18
ISBN (Print)	9783031222948
DOIs	https://doi.org/10.1007/978-3-031-22295-5_11
State	Published - 1 Jan 2022
Event	27th Nordic Conference on Secure IT Systems, NordSec 2022 - Reykjavic, Iceland Duration: 30 Nov 2022 → 2 Dec 2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13700 LNCS

Conference

Conference	27th Nordic Conference on Secure IT Systems, NordSec 2022
Country/Territory	Iceland
City	Reykjavic
Period	30/11/22 → 2/12/22

Keywords

Acoustic
Air-gap
Covert channel
Exfiltration
GPU

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
General Computer Science

Access to Document

https://doi.org/10.1007/978-3-031-22295-5_11

Cite this

Guri, M. (2022). GPU-FAN: Leaking Sensitive Data from Air-Gapped Machines via Covert Noise from GPU Fans. In H. P. Reiser, & M. Kyas (Eds.), Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings (pp. 194-211). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13700 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-22295-5_11

Guri, Mordechai. / GPU-FAN : Leaking Sensitive Data from Air-Gapped Machines via Covert Noise from GPU Fans. Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings. editor / Hans P. Reiser ; Marcel Kyas. Springer Science and Business Media Deutschland GmbH, 2022. pp. 194-211 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{c2f2a86a0075469781adb412d355f1f7,

title = "GPU-FAN: Leaking Sensitive Data from Air-Gapped Machines via Covert Noise from GPU Fans",

abstract = "Modern computer networks are secured with a wide range of products, including firewalls, intrusion detection and prevention systems (IDS/IPS), and access control mechanisms. But despite the multiple layers of security, these measures can be bypassed by motivated attackers. To cope with this threat, an {\textquoteleft}air-gap{\textquoteright} is a network security measure that may be taken where highly sensitive information needs to be protected. In this approach, the internal network is isolated from the Internet, physically and logically, to create a physical boundary with the outer digital world. In this paper, we show that attackers can leak data from air-gapped networks via covert acoustic signals. Our method doesn{\textquoteright}t require speakers on infected computers. Malware running on the computer can use the GPU (graphics processing unit) fans and evasively control its speed. While the slight changes in the RPM (rotation per minute) speed are not noticeable to users, they can be used to modulate and encode binary information. A nearby receiver, such as a compromised smartphone or a laptop, can receive the covert acoustic signals and demodulate and decode the binary information. We discuss the attack model on air-gapped networks and provide relevant technical background and the characteristics of the GPU fans. We also present the covert channel{\textquoteright}s design, implementation, and evaluation. The results show that a brief amount of sensitive information can be leaked several meters away via covert noises generated from the GPU fans.",

keywords = "Acoustic, Air-gap, Covert channel, Exfiltration, GPU",

author = "Mordechai Guri",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 27th Nordic Conference on Secure IT Systems, NordSec 2022 ; Conference date: 30-11-2022 Through 02-12-2022",

year = "2022",

month = jan,

day = "1",

doi = "https://doi.org/10.1007/978-3-031-22295-5_11",

language = "American English",

isbn = "9783031222948",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "194--211",

editor = "Reiser, {Hans P.} and Marcel Kyas",

booktitle = "Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings",

address = "Germany",

}

Guri, M 2022, GPU-FAN: Leaking Sensitive Data from Air-Gapped Machines via Covert Noise from GPU Fans. in HP Reiser & M Kyas (eds), Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13700 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 194-211, 27th Nordic Conference on Secure IT Systems, NordSec 2022, Reykjavic, Iceland, 30/11/22. https://doi.org/10.1007/978-3-031-22295-5_11

GPU-FAN: Leaking Sensitive Data from Air-Gapped Machines via Covert Noise from GPU Fans. / Guri, Mordechai.
Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings. ed. / Hans P. Reiser; Marcel Kyas. Springer Science and Business Media Deutschland GmbH, 2022. p. 194-211 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13700 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - GPU-FAN

T2 - 27th Nordic Conference on Secure IT Systems, NordSec 2022

AU - Guri, Mordechai

PY - 2022/1/1

Y1 - 2022/1/1

N2 - Modern computer networks are secured with a wide range of products, including firewalls, intrusion detection and prevention systems (IDS/IPS), and access control mechanisms. But despite the multiple layers of security, these measures can be bypassed by motivated attackers. To cope with this threat, an ‘air-gap’ is a network security measure that may be taken where highly sensitive information needs to be protected. In this approach, the internal network is isolated from the Internet, physically and logically, to create a physical boundary with the outer digital world. In this paper, we show that attackers can leak data from air-gapped networks via covert acoustic signals. Our method doesn’t require speakers on infected computers. Malware running on the computer can use the GPU (graphics processing unit) fans and evasively control its speed. While the slight changes in the RPM (rotation per minute) speed are not noticeable to users, they can be used to modulate and encode binary information. A nearby receiver, such as a compromised smartphone or a laptop, can receive the covert acoustic signals and demodulate and decode the binary information. We discuss the attack model on air-gapped networks and provide relevant technical background and the characteristics of the GPU fans. We also present the covert channel’s design, implementation, and evaluation. The results show that a brief amount of sensitive information can be leaked several meters away via covert noises generated from the GPU fans.

AB - Modern computer networks are secured with a wide range of products, including firewalls, intrusion detection and prevention systems (IDS/IPS), and access control mechanisms. But despite the multiple layers of security, these measures can be bypassed by motivated attackers. To cope with this threat, an ‘air-gap’ is a network security measure that may be taken where highly sensitive information needs to be protected. In this approach, the internal network is isolated from the Internet, physically and logically, to create a physical boundary with the outer digital world. In this paper, we show that attackers can leak data from air-gapped networks via covert acoustic signals. Our method doesn’t require speakers on infected computers. Malware running on the computer can use the GPU (graphics processing unit) fans and evasively control its speed. While the slight changes in the RPM (rotation per minute) speed are not noticeable to users, they can be used to modulate and encode binary information. A nearby receiver, such as a compromised smartphone or a laptop, can receive the covert acoustic signals and demodulate and decode the binary information. We discuss the attack model on air-gapped networks and provide relevant technical background and the characteristics of the GPU fans. We also present the covert channel’s design, implementation, and evaluation. The results show that a brief amount of sensitive information can be leaked several meters away via covert noises generated from the GPU fans.

KW - Acoustic

KW - Air-gap

KW - Covert channel

KW - Exfiltration

KW - GPU

UR - http://www.scopus.com/inward/record.url?scp=85147855655&partnerID=8YFLogxK

U2 - https://doi.org/10.1007/978-3-031-22295-5_11

DO - https://doi.org/10.1007/978-3-031-22295-5_11

M3 - Conference contribution

SN - 9783031222948

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 194

EP - 211

BT - Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings

A2 - Reiser, Hans P.

A2 - Kyas, Marcel

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 30 November 2022 through 2 December 2022

ER -

Guri M. GPU-FAN: Leaking Sensitive Data from Air-Gapped Machines via Covert Noise from GPU Fans. In Reiser HP, Kyas M, editors, Secure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 194-211. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: https://doi.org/10.1007/978-3-031-22295-5_11

GPU-FAN: Leaking Sensitive Data from Air-Gapped Machines via Covert Noise from GPU Fans

Abstract

Publication series

Conference

Keywords

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Cite this