News Researchers Turn AMD Radeon GPU Into a Radio Transmitter to Steal Data

[Admin]

Researchers changed the clock rates on an AMD Radeon GPU to transmit data via radio waves to steal data.

Researchers Turn AMD Radeon GPU Into a Radio Transmitter to Steal Data : Read more

 

[Pat Flynn]

I think the IT Security world has or will need to start a shift from reactive security, to pro-active training for ALL staff. The entire population needs to know how to identify malware threats to cut down on this kind of stuff.

P.S. - if it wasn't stated clearly in this article, nearly all (or all?) side-channel attacks need some form of malware to compromise the computer to gain access to the data. This means training people to identify the threats instead of relying on anti-virus suites for zero day threats.

 

[King_V]

How did we wind up with a second posting for this same news article?

 

[GenericUser]

I think the IT Security world has or will need to start a shift from reactive security, to pro-active training for ALL staff. The entire population needs to know how to identify malware threats to cut down on this kind of stuff.

P.S. - if it wasn't stated clearly in this article, nearly all (or all?) side-channel attacks need some form of malware to compromise the computer to gain access to the data. This means training people to identify the threats instead of relying on anti-virus suites for zero day threats.

I think part of the issue is even the companies that do train their more "general" employees on good cybersecurity practices, most people just shrug it off as another "check-in-the-box corporate training session" and just want to get on with their day, or it's "not my problem", or "we won't get hacked, or any excuse really.

The average employee isn't going to care that much to know about good cybersecurity practices. Does that mean companies should just give up and not bother? No, but until everyone from the IT staff and dedicated cybersecurity professionals in the organization, down to the guy in the mail room give a crap, the biggest threat will continue to be the inside threat.

 

[hannibal]

What this mean is that companies prevent installation of any programs to work computers. And there will not be allovance to any job related tasks at home computers...
The situation is near that, but it will get even tighter. This same thing most likely could be done to cell phones...

 

[drea.drechsler]

This is actually unsurprising. When I was in the military they had a acronym term for it: TEMPEST (Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions).

Even back in the 1970's it was a problem, way before PC's and word processors. Electric typwriters, in particular, would transmit a unique signal for every key pressed. So someone sitting outside an unshielded office building in a surveillance van on the street could intercept every keystroke of the typewriter as a clerk typed out a classified memo.

I supposed that was why many offices used mechanical typewriters way after most of the civilians used electric. TEMPEST security was a big deal.

 

[Xlen]

This technically isn't anything new, we knew it's possible to do it on CPUs around 10 years ago, this is simply more proof that it's possible and easier than ever and there is no way to hide from it...

 

[bit_user]

What this mean is that companies prevent installation of any programs to work computers.

That's not remotely realistic for many people whose job it is to develop software.

This same thing most likely could be done to cell phones...

No. My employer already uses Microsoft's cell phone security software (I think it's called InTune?). It's already so onerous that I refuse to run it on my personal phone. If they want me to access company resources from a cell phone, they'll have to buy me one.

Anyway, by raising the bar too high for cell phone security, you have people's unsecured phones in the workplace.

 

[bit_user]

When I was in the military they had a acronym term for it: TEMPEST (Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions).

I don't know if it was under the same program, but a guy I knew who worked in a lab that did DoD or DARPA research described how their CRT monitors basically had to be in Faraday cages. Annoyingly, it meant looking though a wire mesh that was the equivalent of a window screen.

It makes me wonder whether there's a solution to these RF side-channel attacks that could involve simply improving the EMI shielding of the workstations.

 

[bit_user]

This technically isn't anything new, we knew it's possible to do it on CPUs around 10 years ago,

Did it work on the same principle of altering the CPU's clock speed?

What surprised me about this is that I expected it to involve running shader programs that modulated a signal through alternating between running loops and idling. I didn't expect it would be as simple as just manipulating the base clock frequency.

 

[drea.drechsler]

[....

Did it work on the same principle of altering the CPU's clock speed?

What surprised me about this is that I expected it to involve running shader programs that modulated a signal through alternating between running loops and idling. I didn't expect it would be as simple as just manipulating the base clock frequency.

I have to imagine there are ample opportunities considering the number of extemely high frequencies clocks and data paths inside of computers that could be monitored by any of the sensitive RF receivers and spectrum analyzers that are readily available. We don't make it hard, either, as we now use cases with windows for side panels and open-air cases even. And we've even removed the ferrite beads from cables (those lumps you often saw close to the connectors) that attenuated the signals before they could be conducted outside the case.

Security against this exploit is actually pretty simple. Just ensure your CPU case is well shielded with metal completely surrounding all electronic parts and no large holes, meaning metal fan grills are intact, and all screws are tightly installed. Tempered glass side panels should be metallized.

 

[mchldpy]

There are still people that look at you like your speaking a Foreign Language when you say "Air Gap". Those are usually the same bunch that believe Star Trek was filmed
"On Location".

 

[Questors]

How does modulating the card to pick up a radio frequency enable the stealing of data? How does this enable a person to capture what the system in question is processing? Or a fan vibration for that matter? This is what I want to know.