this post was submitted on 17 Aug 2023
62 points (97.0% liked)

Linux

48031 readers
1196 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
all 3 comments
sorted by: hot top controversial new old
[–] d3Xt3r@lemmy.nz 40 points 1 year ago* (last edited 1 year ago) (1 children)

Depends on how you define "surreptitiously". If you say, surreptitiously as in, no visible user-facing activity under a normal desktop environment, then sure - something like a GPU driver could do whatever it wants to, with the level of access it has. Drivers are often a common attack vector, and are exploited for this reason. However, in this scenario, standard monitoring tools could potentially detect the exfiltration, for instance, a network monitoring tools might spot unusual outgoing traffic, and system monitoring/security tool such as SELinux might detect unexpected behavior from the GPU driver and could even block this activity, depending on the policies in place.

If you say "surreptitiously" as in being able to completely evade the likes of Wireshark and other monitoring tools to send network traffic, that wouldn't be a bit more difficult to achieve. One possible method could be to encapsulate the telemetry data within harmless traffic. For instance, a request pretending to check for driver updates, could potentially hide some telemetry data as part of the request. With encryption, encapsulation and consistent padding (so both loaded and legit packets look roughly the same), it would be next to impossible to suspect anything. But you could just block all traffic originating from the GPU drivers, there's many ways to go about this.

It is also possible, in theory, to completely bypass the OS layer depending on your hardware stack. Say you're running an Intel CPU, and the GPU is an Intel Arc, the GPU could potentially talk directly to the Intel Management Engine, which is an entire subsystem inside an Intel CPU that is invisible to your OS, and it could do whatever it wants to, since the CPU has access to everything - and you'd never be able to detect it, at least not by normal methods. One method to detect such traffic would be to compare all the traffic leaving your system from an OS's perspective, against traffic leaving the system from your network card (using say an external firewall), and if the packets don't match, then you know something's up. So exfilrating data via this way would be very risky for a company like Intel.

load more comments (1 replies)
[–] nan@lemmy.blahaj.zone 4 points 1 year ago* (last edited 1 year ago)

This is going to be doing it through the userspace program. On Windows there is almost always an Nvidia / Radeon / Intel icon permanently hanging out in the system tray. As it mentions, Intel is just enabling what the others already do.