How to hack a nuclear reactor's isolated network with a simple GPU & radio signals

Isolated systems and devices (known as “air-gapped” systems) have been the subject of analysis by researchers and threat actors for years, network perimeter security specialists say, which has produced a large number of attack variants and scenarios for compromising these systems.

The best-known such attack is Stuxnet, a computer worm deployed at a nuclear company’s facility in Iran nearly ten years ago. That was the first time a hacker group showed that compromising an air-gapped system is not impossible.

Network perimeter security specialists note that, on that occasion, the threat actors (the attack was attributed to Israeli intelligence agencies) could have employed a malware variant that compromised centrifuges at a uranium enrichment plant. Against this background, ethical hacking specialist Mikhail Davidov asked a question: given that it is possible to inject malicious code into an air-gapped system, is it also possible to extract data from these networks?

The answer to this question could lie in the radio spectrum. Using a radio, an antenna, and a script he wrote himself, the hacker worked out how to use a signal emitted by the graphics processing unit (GPU) of a computer connected to an air-gapped network to extract sensitive data. The expert published his findings in a blog post shared exclusively with the firm CyberScoop.

The attack was launched from behind a wall, more than 15 meters away from the target computer. The expert used an antenna to scan the radio frequency spectrum for variations that could be used to carry data. Having found that the GPU emits a type of signal that can be manipulated, the ethical hacker wrote a script to do exactly that: by controlling the duration of each GPU radio transmission, and using a radio capable of capturing the signal, he was able to complete the data extraction.
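The channel described above relies on switching the GPU between loaded and idle states for controlled durations, which is a signature a defender can look for in ordinary GPU telemetry. The following heuristic detector is an added example for this article, not Davidov's script or any code from the original post: it takes a series of GPU utilisation samples (here constructed inline, standing in for what a monitoring agent would collect at a fixed interval), binarises them into busy/idle runs, and flags traces whose run lengths toggle often and cluster around a small set of symbol durations, as a timing-modulated covert channel would. The thresholds, the 50% busy cut-off and the two constructed traces are all assumptions chosen for illustration.

```python
"""Heuristic detection of timing-modulated GPU load in utilisation telemetry.

Added example, not the researcher's code. Thresholds and sample traces are
constructed for illustration and would need tuning against real telemetry.
"""
from collections import Counter
from typing import Dict, List


def binarise(samples: List[float], threshold: float = 50.0) -> List[int]:
    """Map utilisation percentages to 1 (busy) or 0 (idle) at a fixed cut-off."""
    return [1 if u >= threshold else 0 for u in samples]


def run_lengths(bits: List[int]) -> List[int]:
    """Lengths of consecutive runs of identical busy/idle state."""
    runs: List[int] = []
    if not bits:
        return runs
    current, length = bits[0], 0
    for b in bits:
        if b == current:
            length += 1
        else:
            runs.append(length)
            current, length = b, 1
    runs.append(length)
    return runs


def analyse_gpu_load(samples: List[float], threshold: float = 50.0,
                     min_transitions: int = 8, regularity: float = 0.8) -> Dict:
    """Score a utilisation trace for covert-channel-like modulation.

    A workload used as a transmitter toggles busy/idle many times, and the
    run lengths cluster around a few symbol durations. A normal render or
    compute job has long sustained runs and few transitions.
    """
    bits = binarise(samples, threshold)
    runs = run_lengths(bits)
    transitions = max(len(runs) - 1, 0)
    # the two most common run lengths stand in for the channel's symbol set
    top = [length for length, _ in Counter(runs).most_common(2)]
    regular = sum(1 for r in runs if any(abs(r - t) <= 1 for t in top))
    fraction = regular / len(runs) if runs else 0.0
    suspicious = transitions >= min_transitions and fraction >= regularity
    return {
        "transitions": transitions,
        "regular_fraction": round(fraction, 2),
        "symbol_lengths": sorted(top),
        "suspicious": suspicious,
    }


def constructed_modulated() -> List[float]:
    """Constructed trace: bits encoded as alternating busy/idle runs of two lengths."""
    message_bits = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1]
    samples: List[float] = []
    busy = True
    for bit in message_bits:
        length = 6 if bit else 3          # long run = 1, short run = 0
        level = 95.0 if busy else 5.0
        samples.extend([level] * length)
        busy = not busy
    return samples


def constructed_benign() -> List[float]:
    """Constructed trace: idle, one sustained job with jitter, idle again."""
    idle = [3.0, 4.0, 2.0, 5.0, 3.0, 6.0, 4.0, 3.0]
    job = [88.0, 93.0, 97.0, 91.0, 95.0, 99.0, 92.0, 96.0, 90.0, 94.0, 97.0, 93.0]
    return idle + job + idle


if __name__ == "__main__":
    for name, trace in (("modulated", constructed_modulated()),
                        ("benign", constructed_benign())):
        print(name, analyse_gpu_load(trace))
```

The detector deliberately ignores the radio side entirely: it only needs host telemetry, which an air-gapped site already collects, and it reports the inferred symbol lengths so an analyst can judge whether the pattern matches a legitimate periodic workload before raising an alert.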

“When I thought about extracting data from air-gapped networks, I came to this conclusion. Many times we have to think about any possible scenario of usefulness for threat actors and discard or confirm those possibilities in a controlled environment,” the network perimeter security expert says.

According to Davidov, this research is also an invitation to the cybersecurity community to take a more proactive approach to the signals emitted by computer systems and the possibility of those signals being abused. The International Institute of Cyber Security (IICS) adds that national intelligence agencies should also take this attack vector into account.