mreidiv Posted November 6, 2014 Share Posted November 6, 2014 do you think this can be done with the rtl-sdr? http://www.wired.co.uk/news/archive/2014-11/04/attackers-use-radio-signals-to-steal-protected-data Quote Link to comment Share on other sites More sharing options...
cooper Posted November 6, 2014 Share Posted November 6, 2014 I'm calling BS until I hear my vid card play AC/DC on my radio, but as it pertains to your question, when the transmitted data can be picked up by a radio built into a cell phone, it can almost certainly be picked up by the SDR. If anything, the RTL-SDR has the bigger antenna and unlike the FM radio in their example, the RTL-SDR can pick up any signal - FM is just a subset of that. Quote Link to comment Share on other sites More sharing options...
sud0nick Posted November 7, 2014 Share Posted November 7, 2014 I'm with Cooper on this one. It seems ridiculous but even if researchers have found a way to transmit information from a video card the article states they need to first infect the machine with malware to make this happen. Exactly how do they plan on doing that when the system is not connected to the internet and heavily guarded? If they can get close enough to install this malware then they might as well utilize other resources that would serve as far better attack methods. Quote Link to comment Share on other sites More sharing options...
Sildaekar Posted April 29, 2015 Share Posted April 29, 2015 This is far from impossible, believe it or not this kind of stuff has been going on for years. I worked in the SIGINT and ELINT community in the military and in doing so we worked in a secure facility. We were not allowed to bring phones in, actually had to remove the battery from our phones and place the battery and phone in two separate boxes before entering the facility. The most I care to say on this (at the risk of have suits show up at my front door) is this:http://en.wikipedia.org/wiki/Tempest_%28codename%29 I'm sure doing some more googling on electronic emanations can bring about more info, also there was some chick that did a speech at Defcon and Toorcon on this exact same topic. If I remember her name or the speech I'll let y'all know. Afterthoughts:Wow this is an old threat, but I like these kinds of things so I'm gonna revive it anyways :p Quote Link to comment Share on other sites More sharing options...
sud0nick Posted April 29, 2015 Share Posted April 29, 2015 (edited) Still not possible from the GFX card. The card must be emanating RF with information in the first place in order to retrieve information from it. The article on TEMPEST you linked to brings up memories of dealing with SNCOs that thought by crossing CAT5 on a class network with CAT5 on an unclass network a classified email would suddenly appear where it wasn't supposed to and a spillage would occur. It's absurd to say the least. While energy may be transferred from one of the cable to the other good luck getting any valuable information from it. The GFX card doesn't emit any RF with data attached so, yes, you can read a signal from it but it will be no more than noise. Edited April 29, 2015 by sud0nick Quote Link to comment Share on other sites More sharing options...
Sildaekar Posted April 29, 2015 Share Posted April 29, 2015 The article on TEMPEST you linked to brings up memories of dealing with SNCOs that thought by crossing CAT5 on a class network with CAT5 on an unclass network a classified email would suddenly appear where it wasn't supposed to and a spillage would occur. LMFAO! ...wow...I honestly don't know what to say to that. Those poor uneducated souls. Still not possible from the GFX card. Ok, I didn't realize they were specifcally speaking about graphics cards, my internet connnection is a bit "touchy" (satellite Internet) so the only way I can see the linked page was by viewing the source code for some reason, and I only read bits and pieces. In that instance, yeah I would assume (as you stated) there would have to be some kind of malware to fluctuate the voltage on the card for certain data, would be easier just to image the HDD in that instance. Quote Link to comment Share on other sites More sharing options...
Xcellerator Posted April 29, 2015 Share Posted April 29, 2015 Reading all of this, I'm reminded of PiFM for the Raspberry Pi. It uses GPIO Pin 4 to broadcast an FM signal. Video cards do use GPIO usually, so I guess its not beyond the realms of possibility that firmware could be reverse engineered to this effect. Still pretty farfetched, mind... Quote Link to comment Share on other sites More sharing options...
sud0nick Posted April 29, 2015 Share Posted April 29, 2015 (edited) The article on TEMPEST you linked to brings up memories of dealing with SNCOs that thought by crossing CAT5 on a class network with CAT5 on an unclass network a classified email would suddenly appear where it wasn't supposed to and a spillage would occur. LMFAO! ...wow...I honestly don't know what to say to that. Those poor uneducated souls. This is the mentality of most SNCOs and Officers who have to deal with computer and network security in the Marine Corps. They don't quite understand the physical possibilities but they sure as hell believe everything they read in TEMPEST and other documents. They would rather spend the extra money on running an additional 100ft of cable in a different direction than accept the fact that the standard is ridiculous. Although I, too, would rather be safe than slapped with a COMSEC incident any day. Reading all of this, I'm reminded of PiFM for the Raspberry Pi. It uses GPIO Pin 4 to broadcast an FM signal. Video cards do use GPIO usually, so I guess its not beyond the realms of possibility that firmware could be reverse engineered to this effect. Still pretty farfetched, mind... It certainly isn't beyond the realm of possibility but feasibility, yes. For this particular experiment they claimed there was an air gap between the computer and phone which would mean the system can't communicate with the outside world at all through normal means. If someone were to gain access to the system to install malware that would allow for this attack to be a success why would they then lock the system, walk outside, and use their phone to grab information from the GFX card? Edited April 29, 2015 by sud0nick Quote Link to comment Share on other sites More sharing options...
Xcellerator Posted April 29, 2015 Share Posted April 29, 2015 It certainly isn't beyond the realm of possibility but feasibility, yes. For this particular experiment they claimed there was an air gap between the computer and phone which would mean the system can't communicate with the outside world at all through normal means. If someone were to gain access to the system to install malware that would allow for this attack to be a success why would they then lock the system, walk outside, and use their phone to grab information from the GFX card? Agreed. If you managed to gain access to an air gap machine, you're kinda shooting yourself in the foot with these cloak-and-dagger tactics. A really cool implementation would be the reverse. If you could "tune" a GFX card to receive instructions via FM sent from an attacker, then there'd actually be some use. Again, it'd require some other exploitation in the first place, but I guess it'd be an effective form of persistence. Its probably just the geek in me that'd like to see it done though. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.