Posted on 07/08/2015 6:56:44 PM PDT by 2ndDivisionVet
Just when you thought you were safe, a new hacking toy comes along and rocks your world. Imagine a tool exists that lets hackers pluck encryption keys from your laptop right out of the air. You can’t stop it by connecting to protected Wi-Fi networks or even disabling Wi-Fi completely. Turning off Bluetooth also won’t help you protect yourself.
Why? Because the tiny device that can easily be hidden in an object or taped to the underside of a table doesn’t use conventional communications to pull off capers. Instead it reads radio waves emitted by your computer’s processor, and there’s really nothing you can do to stop it.
Researchers at Tel Aviv University and another Israeli research center called Technion have created a terrifying new hacking tool that can steal encryption keys out of the air. The device, which is assembled using about $300 worth of parts that are widely available, is about the size of a piece of pita bread. Not by coincidence, the team is calling it PITA (Portable Instrument for Trace Acquisition).
Here’s how it works: the PITA consists of a bunch of off-the-shelf parts and it runs on four AA batteries. Using an antenna that can read electromagnetic waves emitted by computer processors from up to 19 inches away, the device can swipe RSA and ElGamal data and decrypt it. Stolen data is then stored locally on the device’s microSD card, or the PITA can transmit data over Wi-Fi to the attacker’s computer.
Here’s a deeper dive from the team’s paper:
We demonstrate the extraction of secret decryption keys from laptop computers, by nonintrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle. The setup is compact and can operate untethered; it can be easily concealed, e.g., inside pita bread. Common laptops, and popular implementations of RSA and ElGamal encryptions, are vulnerable to this attack, including those that implement the decryption using modern exponentiation algorithms such as sliding-window, or even its side-channel resistant variant, fixed-window (m-ary) exponentiation.
We successfully extracted keys from laptops of various models running GnuPG (popular open source encryption software, implementing the OpenPGP standard), within a few seconds. The attack sends a few carefully-crafted ciphertexts, and when these are decrypted by the target computer, they trigger the occurrence of specially-structured values inside the decryption software. These special values cause observable fluctuations in the electromagnetic field surrounding the laptop, in a way that depends on the pattern of key bits (specifically, the key-bits window in the exponentiation routine). The secret key can be deduced from these fluctuations, through signal processing and cryptanalysis.
So now you’re obviously wondering, “how can I block this crazy attack?” Bad news: You can’t.
“Physical mitigation techniques of electromagnetic radiation include Faraday cages,” the team wrote on its website. “However, inexpensive protection of consumer-grade PCs appears difficult. Alternatively, the cryptographic software can be changed, and algorithmic techniques employed to render the emanations less useful to the attacker. These techniques ensure that the rough-scale behavior of the algorithm is independent of the inputs it receives; they usually carry some performance penalty, but are often used in any case to thwart other side-channel attacks. This is what we helped implement in GnuPG.”
The team plans to present its creation at the Workshop on Cryptographic Hardware and Embedded Systems this coming September.
with appropriate hidden pickup loops and range extenders this could get interesting.
Sounds like you got away clean.
In my shop, we’d probably have had to shoot you...:)
Sounds like not using mobile devices or computers using wi-fi is the answer. Hard-wired computers avoid the problem. I do all my secure work (bank and credit card transactions) on my computer physically connected to the net.
Only computers connected to a classified network have that kind of shielding. Non-classfied computers do not.
And I am positive these were NOT on a classified network because it was at a medical teaching school. What they were (I believe) were hand-me-downs, and the blue suiters wanted them kept in the same condition they had received them. Didn’t really matter until some dummkopfs from the outside tried to open them up!
Good grief. Some of us are just having fun here.
Some of us have knowledge and wisdom we'd like to share. But, play your heart out, game boy.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.