A group of researchers from security company Duo has shown that it is possible use a video card – without modifying the hardware – as a data transmitter via radio waves. The researchers spoke on the clock frequency of GPU shaders of an AMD Radeon Pro WX 3100 thus turning it into a radio transmitter that allowed them to receive data from a PC, even at a distance of 15 meters and behind a wall.
In recent days we have seen that it is possible to subtract information from a PC by exploiting the only vibration of the fans and basically the idea behind this similar attack, as it is a matter of arriving at obtain information from a PC through mere operation, without the attack being detectable by a traditional antivirus. In this case, the researchers used the radio frequencies generated by the GPU, which by its nature operates at different clock frequencies.
We turned a Radeon GPU's shader clock in to a tunable radio transmitter that can jump through walls & get picked up 50ft away.
Get your Van Eck fill and learn how to find these and other RF side-channels from myself and @baron of @duo_labs!
https://t.co/nTsEpSqahL pic.twitter.com/ElfA0Q8eqI
Mikhail Davidov (@sirus) April 22, 2020
Basing this type of attack is not too expensive: the receiving device is a Software Defined Radio (SDR) solution that connects to a USB port. Typically these devices also cost less than 100 euros, but for the demonstration the researchers used a more expensive and sensitive one which costs between 300 and 600 euros. The SDR device was then coupled to a UHF antenna and a directional ultra-wideband antenna, to which was added open source software to operate the receiver.
The attack was launched on a Dell Precision 3430 workstation, without wireless connectivity, inside which there was a Radeon Pro WX 3100. Through Linux the researchers were able to access the GPU power controls, experimenting with two clock frequencies ( 734 MHz and 214 MHz) corresponding to two P-states. The switch to 214 MHz has generated a 428 MHz signal in the surrounding environment that the researchers managed to pick up remotely, beyond a wall.
After the first successful attempts but with a very slow data transmission, the researchers managed to increase the transmission speed through five different 1 MHz clock increments. The researchers did not share details about the speed, but believe to be able to further improve it.
Although such an "attack" may surprise and in some sense frighten, it seems an option more suitable for state espionage than for the theft of data from simple users' PCs, also because the system must first be compromised by another attack. However, this is another example of how it is possible for attackers to exploit apparently harmless aspects of a PC – such as clock frequencies – to get valuable information without being discovered. It cannot be excluded that this attack method can be replicated on Nvidia GPUs, CPUs of any manufacturer or other devices equipped with a clock generator.
