Communications of the ACM

ACM News

Magnetic Sensors Pinpoint GPU Cryptojacking Attacks


From the paper TickTock: Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals.

A figure depicting a scenario in which a user places a Tick-Tock device in close proximity to his/her laptop in order to detect a possible mic-based eavesdropping attack.

Credit: Soundarya Ramesh et al.

They've done it again: the ingenious digital security engineering team that famously worked out how to three-dimensionally (3D) print a copy of a front door Yale key simply by deciphering the key's cut from the zzzt! sound it makes as it is pushed into a lock has come up with yet another bleeding-edge computer security trick.

This time, however, the engineers at the Cyber-Physical Systems and Security Lab, which is co-located at Yonsei University in South Korea and the National University of Singapore (NUS), are not merely highlighting a previously unknown threat to domestic security. Instead, they have worked out how an ultra-cheap magnetic field sensor can be used to detect a debilitatingly expensive computer crime, one in which the graphics processing units (GPUs) at the heart of the resurgence in artificial intelligence over the last decade are hijacked to mine cryptocurrency instead of running deep learning neural networks.

This cryptojacking, as it is known, has become a scourge because organizations victimized by it end up paying punishing costs both for the energy needed to crunch the power-hungry cryptographic algorithms, and the GPU cycles lost to the criminal task. In attacks studied by Microsoft's security teams, for instance, "targeted organizations incurred more than $300,000 in compute fees due to cryptojacking attacks," the company says.

However, reliably detecting cryptojacking is not straightforward, since any attacker with the ability to plant malware capable of converting GPU stacks into an illicit cash machine is also likely to have the skills to disable any software-based detection measures.

What is needed, says Rui Xiao, an associate of the CyberPhysical lab of China's Zhejiang University, is a GPU hijack detection method that somehow is "resilient to attacks from powerful remote adversaries": in other words, something crypto gangs cannot hack and cripple.

Initially, the team thought they could undetectably sense the cryptomining routine's substantial power consumption. "The only problem was, measuring that power draw directly from the GPUs was a pain; we'd have to start snipping wires, and nobody wanted to go that far," says Xiao.

"But then, something clicked and we wondered if we could detect these power fluctuations in a non-invasive way, without resorting to wire-cutting. And that's when we began harnessing Ampère's law, which explains how electric currents generate magnetic fields, and decided to dig deeper into what they could tell us."

The result? "The more we looked into the magnetic characteristics of GPUs during cryptojacking, the more we realized we were onto something," says Xiao. "By rigorously comparing these magnetic behaviors with benign GPU operations, and thorough hardware analysis, we successfully validated the existence of a magnetic signature for cryptojacking."

What they found was that when a malware-gamed GPU stack is crunching the logical mathematical operations needed to generate many types of cryptocurrencies (generally solving cryptographic puzzles like hash functions to verify and add valid coin data to a blockchain), a telltale magnetic signal of a certain waveform and frequency was leaked by the GPU.

It was not just one type of GPU, either. At the ACM Mobicom 2023 conference in Madrid, Spain, in early October, Xiao and colleagues Soundarya Ramesh at NUS, and CyberPhysical laboratory lead researcher Jun Han at Yonsei University, revealed that they have established signatures for 14 of the most popular Nvidia and AMD GPUs launched in the last seven years.

They established these magnetic signatures while the GPU stack also was undertaking legitimate applications like training deep learning models, rendering video graphics, signal processing, simulating physical phenomena, and running cryptographic tasks. This allowed them to subtract the magnetic noise that day-to-day applications generate and extract a clear signature for each type of illicit mining operation.

Even with knowing what a cryptojacked GPU emanates magnetically, how did they come up with a way that allows attacked organizations to sense it and take action?

Luckily, in November 2022, at the ACM Computer and Communications Security conference in Los Angeles, CA, Soundarya Ramesh at the National University of Singapore revealed TickTock, a magnetic sensor for Windows laptops that alerts users when an attacker has remotely turned on their PC's microphone to eavesdrop on them. This was possible because the sharp rise-time of the 2MHz clock signal that starts when the mic is activated kicks out a telltale magnetic signal.

Having developed a miniature magnetic sensor in the TickTock project, Xiao and colleagues built on the knowledge gleaned in that exercise to develop a mobile sensor that can be applied to GPU stacks.

Called MagTracer, their GPU cryptojacking detection system comprises a cheap (it costs just $3) magnetic field sensor that outputs a voltage proportional to magnetic field strength, along with an analog-to-digital converter to make that voltage computer-readable, and an air-gapped Raspberry Pi single board computer to process those signals and generate a cryptomining alarm.
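The sensor-to-alarm pipeline described above can be sketched as follows. This is an added example, not MagTracer's code or the researchers' classifier: the article does not give the signature frequency or the detection method, so the sample rate, `SIG_HZ`, the threshold, and the use of a Goertzel single-bin filter are all assumptions, and the sensor trace is constructed.

```python
import math
import random

FS = 1000.0        # ADC sample rate in Hz (assumed)
SIG_HZ = 120.0     # signature frequency in Hz (placeholder, not from the paper)
WINDOW = 500       # samples per analysis window (0.5 s)
THRESHOLD = 0.25   # share of window energy at SIG_HZ that counts as a hit (assumed)
CONSECUTIVE = 3    # consecutive hit windows required before raising the alarm

def goertzel_power(samples, freq, fs):
    """Squared magnitude of the DFT bin nearest freq (Goertzel algorithm)."""
    n = len(samples)
    k = round(n * freq / fs)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def signature_ratio(window, freq=SIG_HZ, fs=FS):
    """Fraction (0..1) of the window's AC energy located at the signature frequency."""
    mean = sum(window) / len(window)
    ac = [x - mean for x in window]      # remove the sensor's DC offset
    total = sum(x * x for x in ac)
    # A pure tone at the bin yields 1.0; white noise yields roughly 2 / len(window).
    return 2.0 * goertzel_power(ac, freq, fs) / (len(ac) * total) if total else 0.0

def detect(samples):
    """Return the index of the window that raises the alarm, or None."""
    run = 0
    for i in range(0, len(samples) - WINDOW + 1, WINDOW):
        hit = signature_ratio(samples[i:i + WINDOW]) >= THRESHOLD
        run = run + 1 if hit else 0      # isolated hits reset, limiting false alarms
        if run >= CONSECUTIVE:
            return i // WINDOW
    return None

def constructed_trace(seconds, mining_from=None, seed=7):
    """Constructed sensor voltage: offset, noise, a 50 Hz benign load, and the tone while mining."""
    rng = random.Random(seed)
    out = []
    for n in range(int(seconds * FS)):
        t = n / FS
        v = 1.65 + rng.gauss(0.0, 0.02) + 0.03 * math.sin(2 * math.pi * 50.0 * t)
        if mining_from is not None and t >= mining_from:
            v += 0.05 * math.sin(2 * math.pi * SIG_HZ * t)
        out.append(v)
    return out
```

Requiring several consecutive hit windows trades detection latency for a lower false-alarm rate; running the detector on a separate air-gapped board, as the article describes, keeps it out of reach of malware on the monitored host.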

In tests on 14 GPU models, the CyberPhysical team reported, illicit mining was detected with 98% accuracy, with false positive rates below 0.7% for all. The result is a sensor that can be either placed near a GPU stack when mining is suspected, Xiao says, or it can be left attached to it as a permanent sentinel, with one sensor monitoring all the GPUs within a single server due to their physical proximity.

"We're leaning towards suggesting a permanent installation for GPU users. This permanent sensor, ideally miniaturized for convenience, would require less manual intervention and is particularly useful for large-scale deployments in datacenters and server farms," he says.

Checking on system emanations in this way is reeling in the years for one observer: "This attack, studying the immediate magnetic field this way, is akin to the old days of TEMPEST," says Jay Abbott, founder of enterprise cybersecurity and penetration testing company Nellcote in the U.K. A 1980s intelligence community codename, TEMPEST was a way of spying using unintentionally emitted radio, electrical, audio or vibrational signals from computer systems.

"But this application of the technology is somewhat novel, and certainly interesting as a detection mechanism for malicious GPU loads in the context of a datacenter operator like an AWS, Azure, or Google, though I would like to see some data on its false positive rate against similar workloads [to mining], such as hash cracking or rendering," Abbott says.

Magnetic emanations are also being used for skullduggery, however, as well as security. As revealed in April last year, researchers at Columbia University in New York City found that by placing a magnetic sensor identical to that used by the CyberPhysical Lab on a GPU stack's power line, thieves could pirate all the data anyone needs to make their own illicit copy of an expensively trained machine learning AI model. 

We should now expect even more attacks and defenses using the magnetic emissions of GPUs, says Xiao. "GPUs are known for their power-hungry nature, which inherently induces strong magnetic fields that create a potent wireless side channel, serving as a double-edged sword for both attack and defense. Researchers and attackers are actively exploring innovative ways to harness the magnetic properties of GPUs for various security and privacy-related applications. There's a surge of interest in this area."

 

Paul Marks is a technology journalist, writer, and editor based in London, U.K.


 
