Skip to main content
SpringerLink
Log in

GPU-FAN: Leaking Sensitive Data from Air-Gapped Machines via Covert Noise from GPU Fans

  • Conference paper
  • First Online:
Book cover Secure IT Systems (NordSec 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13700))

Included in the following conference series:

Abstract

Modern computer networks are secured with a wide range of products, including firewalls, intrusion detection and prevention systems (IDS/IPS), and access control mechanisms. But despite the multiple layers of security, these measures can be bypassed by motivated attackers. To cope with this threat, an ‘air-gap’ is a network security measure that may be taken where highly sensitive information needs to be protected. In this approach, the internal network is isolated from the Internet, physically and logically, to create a physical boundary with the outer digital world.

In this paper, we show that attackers can leak data from air-gapped networks via covert acoustic signals. Our method doesn’t require speakers on infected computers. Malware running on the computer can use the GPU (graphics processing unit) fans and evasively control its speed. While the slight changes in the RPM (rotation per minute) speed are not noticeable to users, they can be used to modulate and encode binary information. A nearby receiver, such as a compromised smartphone or a laptop, can receive the covert acoustic signals and demodulate and decode the binary information. We discuss the attack model on air-gapped networks and provide relevant technical background and the characteristics of the GPU fans. We also present the covert channel’s design, implementation, and evaluation. The results show that a brief amount of sensitive information can be leaked several meters away via covert noises generated from the GPU fans.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 64.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 84.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. New nation-state cyberattacks - microsoft on the issues. https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/. Accessed 09 Apr 2022

  2. Ronin hack: North korea’s lazarus behind \$540 million axe infinity breach | wired. https://www.wired.com/story/ronin-hack-lazarus-tmobile-breach-data-malware-telegram/. Accessed 09 Apr 2022

  3. Agent.btz - Wikipedia. https://en.wikipedia.org/wiki/Agent.BTZ. Accessed 09 May 2022

  4. Kushner, D.: The real story of stuxnet. IEEE Spectr. 50(3), 48–53 (2013)

    Article  Google Scholar 

  5. ESET research discovers cyber espionage framework Ramsay | ESET. https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-discovers-cyber-espionage-framework-ramsay/. Accessed 09 May 2022

  6. Tick group weaponized secure USB drives to target air-gapped critical systems. https://unit42.paloaltonetworks.com/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/. Accessed 09 May 2022

  7. Mazurczyk, W., Wendzel, S., Zander, S., Houmansadr, A., Szczypiorski, K.: Information Hiding in Communication Networks: Fundamentals, Mechanisms, Applications, and Countermeasures. John Wiley, Hoboken (2016)

    Google Scholar 

  8. Guri, M., Elovici, Y.: Bridgeware: the air-gap malware. Commun. ACM 61(4), 74–82 (2018)

    Article  Google Scholar 

  9. Guri, M., Solewicz, Y., Elovici, Y.: Fansmitter: acoustic data exfiltration from air-gapped computers via fans noise. Comput. Secur. 91, 101721 (2020)

    Article  Google Scholar 

  10. Assante, M. J., Lee, R. M.: The industrial control system cyber kill chain. SANS Inst. InfoSec Read. Room 1 (2015)

    Google Scholar 

  11. The big hack: How china used a tiny chip to infiltrate U.S. companies - Bloomberg. https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies. Accessed 09 Apr 2022

  12. Guri, M., Kedma, G., Kachlon, A., Elovici, Y.: AirHopper: bridging the Air-Gap between isolated networks and mobile phones using radio frequencies. In: Malicious and Unwanted Software: The Americas (MALWARE), 2014 9th International Conference on, pp. 58–67. IEEE (2014)

    Google Scholar 

  13. Guri, M., Kachlon, A., Hasson, O., Kedma, G., Mirsky, Y., Elovici, Y.: GSMem: data exfiltration from air-gapped computers over GSM frequencies. In: USENIX Security Symposium, pp. 849–864 (2015)

    Google Scholar 

  14. funtenna - GitHub (2016). https://github.com/funtenna. Accessed 09 May 2022

  15. Guri, M., Monitz, M., Elovici, Y.: USBee: Air-Gap covert-channel via electromagnetic emission from USB. In: 2016 14th Annual Conference on Privacy, Security and Trust (PST), pp. 264–268. IEEE (2016)

    Google Scholar 

  16. Guri, M., Zadov, B., Elovici, Y.: ODINI: escaping sensitive data from faraday-caged, air-gapped computers via magnetic fields. IEEE Trans. Inf. Forensics Secur. 15, 1190–1203 (2019)

    Article  Google Scholar 

  17. Guri, M., Zadov, B., Bykhovsky, D., Elovici, Y.: PowerHammer: exfiltrating data from Air-Gapped computers through power lines. IEEE Trans. Inf. Forensics Secur. 15, 1879–1890 (2019)

    Article  Google Scholar 

  18. Shao, Z., Islam, M.A., Ren, S.: Your noise, my signal: exploiting switching noise for stealthy data exfiltration from desktop computers. Proc. ACM Meas. Anal. Comput. Syst. 4(1), 1–39 (2020)

    Article  Google Scholar 

  19. Loughry, J., Umphress, D.A.: Information leakage from optical emanations. ACM Trans. Inf. Syst. Secur. (TISSEC) 5(3), 262–289 (2002)

    Article  Google Scholar 

  20. Guri, M., Zadov, B., Bykhovsky, D., Elovici, Y.: CTRL-ALT-LED: leaking data from Air-Gapped computers via keyboard LEDs. In: 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), vol. 1, pp. 801–810. IEEE (2019)

    Google Scholar 

  21. Nassi, B., Shamir, A., Elovici, Y.: Xerox day vulnerability. IEEE Trans. Inf. Forensics Secur. 14(2), 415–430 (2018)

    Article  Google Scholar 

  22. Guri, M., Zadov, B., Elovici, Y.: LED-it-GO: leaking (A Lot of) data from Air-Gapped computers via the (Small) hard drive LED. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 161–184. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-60876-1_8

    Chapter  Google Scholar 

  23. Guri, M., Zadov, B., Daidakulov, A., Elovici, Y.: xlED: covert data exfiltration from Air-Gapped networks via switch and router LEDs. In: 2018 16th Annual Conference on Privacy, Security and Trust (PST), pp. 1–12. IEEE (2018)

    Google Scholar 

  24. Guri, M., Bykhovsky, D., Elovici, Y.: Brightness: leaking sensitive data from Air-Gapped workstations via screen brightness. In: 2019 12th CMI Conference on Cybersecurity and Privacy (CMI), pp. 1–6. IEEE (2019)

    Google Scholar 

  25. Guri, M., Monitz, M., Mirski, Y., Elovici, Y.: BitWhisper: covert signaling channel between Air-Gapped computers using thermal manipulations. In: 2015 IEEE 28th Computer Security Foundations Symposium (CSF), pp. 276–289. IEEE (2015)

    Google Scholar 

  26. Madhavapeddy, A., Sharp, R., Scott, D., Tse, A.: Audio networking: the forgotten wireless technology. IEEE Pervasive Comput. 4(3), 55–60 (2005)

    Article  Google Scholar 

  27. Carrara, B., Adams, C.: On acoustic covert channels between Air-Gapped systems. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P.W.L. (eds.) FPS 2014. LNCS, vol. 8930, pp. 3–16. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17040-4_1

    Chapter  Google Scholar 

  28. Guri, M., Solewicz, Y., Elovici, Y.: Mosquito: covert ultrasonic transmissions between two Air-Gapped computers using speaker-to-speaker communication. In 2018 IEEE Conference on Dependable and Secure Computing (DSC), pp. 1–8. IEEE (2018)

    Google Scholar 

  29. Deshotels, L.: Inaudible sound as a covert channel in mobile devices. In: WOOT (2014)

    Google Scholar 

  30. Guri, M., Solewicz, Y., Daidakulov, A., Elovici, Y.: Acoustic data exfiltration from speakerless Air-Gapped computers via covert hard-drive noise (‘DiskFiltration’). In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 98–115. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_6

    Chapter  Google Scholar 

  31. Guri, M.: Cd-leak: leaking secrets from audioless Air-Gapped computers using covert acoustic signals from CD/DVD drives. In: 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC), pp. 808–816. IEEE (2020)

    Google Scholar 

  32. Guri, M.: Power-supplay: Leaking sensitive data from air-gapped, audio-gapped systems by turning the power supplies into speakers. IEEE Trans. Dependable Secure Comput., 1 (2021)

    Google Scholar 

  33. Nstissamtempest/2-95 (2000). https://cryptome.org, https://cryptome.org/tempest-2-95.htm. Accessed 09 May 2022

  34. Products - pulsar instruments plc (2018). https://pulsarinstruments.com/en/categories. Accessed 09 May 2022

Download references

Author information

Authors and Affiliations

  1. Cyber Security Research Center, Ben-Gurion University of the Negev, 8410501, Beer-Sheva, Israel

    Mordechai Guri

Authors
  1. Mordechai Guri
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mordechai Guri .

Editor information

Editors and Affiliations

  1. Reykjavik University, Reykjavik, Iceland

    Hans P. Reiser

  2. Reykjavik University, Reykjavik, Iceland

    Marcel Kyas

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Guri, M. (2022). GPU-FAN: Leaking Sensitive Data from Air-Gapped Machines via Covert Noise from GPU Fans. In: Reiser, H.P., Kyas, M. (eds) Secure IT Systems. NordSec 2022. Lecture Notes in Computer Science, vol 13700. Springer, Cham. https://doi.org/10.1007/978-3-031-22295-5_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-22295-5_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22294-8

  • Online ISBN: 978-3-031-22295-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation