Posted on 07/08/2015 6:56:44 PM PDT by 2ndDivisionVet
Just when you thought you were safe, a new hacking toy comes along and rocks your world. Imagine a tool exists that lets hackers pluck encryption keys from your laptop right out of the air. You can't stop it by connecting to protected Wi-Fi networks or even disabling Wi-Fi completely. Turning off Bluetooth also won't help you protect yourself.
Why? Because the tiny device that can easily be hidden in an object or taped to the underside of a table doesn't use conventional communications to pull off capers. Instead it reads radio waves emitted by your computer's processor, and there's really nothing you can do to stop it.
Researchers at Tel Aviv University and another Israeli research center called Technion have created a terrifying new hacking tool that can steal encryption keys out of the air. The device, which is assembled using about $300 worth of parts that are widely available, is about the size of a piece of pita bread. Not by coincidence, the team is calling it PITA (Portable Instrument for Trace Acquisition).
Here's how it works: the PITA consists of a bunch of off-the-shelf parts and it runs on four AA batteries. Using an antenna that can read electromagnetic waves emitted by computer processors from up to 19 inches away, the device can swipe RSA and ElGamal data and decrypt it. Stolen data is then stored locally on the device's microSD card, or the PITA can transmit data over Wi-Fi to the attacker's computer.
Here's a deeper dive from the team's paper:
We demonstrate the extraction of secret decryption keys from laptop computers, by nonintrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle. The setup is compact and can operate untethered; it can be easily concealed, e.g., inside pita bread. Common laptops, and popular implementations of RSA and ElGamal encryptions, are vulnerable to this attack, including those that implement the decryption using modern exponentiation algorithms such as sliding-window, or even its side-channel resistant variant, fixed-window (m-ary) exponentiation.
We successfully extracted keys from laptops of various models running GnuPG (popular open source encryption software, implementing the OpenPGP standard), within a few seconds. The attack sends a few carefully-crafted ciphertexts, and when these are decrypted by the target computer, they trigger the occurrence of specially-structured values inside the decryption software. These special values cause observable fluctuations in the electromagnetic field surrounding the laptop, in a way that depends on the pattern of key bits (specifically, the key-bits window in the exponentiation routine). The secret key can be deduced from these fluctuations, through signal processing and cryptanalysis.
So now you're obviously wondering, how can I block this crazy attack? Bad news: You can't.
"Physical mitigation techniques of electromagnetic radiation include Faraday cages," the team wrote on its website. "However, inexpensive protection of consumer-grade PCs appears difficult. Alternatively, the cryptographic software can be changed, and algorithmic techniques employed to render the emanations less useful to the attacker. These techniques ensure that the rough-scale behavior of the algorithm is independent of the inputs it receives; they usually carry some performance penalty, but are often used in any case to thwart other side-channel attacks. This is what we helped implement in GnuPG."
The team plans to present its creation at the Workshop on Cryptographic Hardware and Embedded Systems this coming September.
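Added example, not part of the original post or the researchers' code: a Python model of the software mitigation described above, using base blinding, a standard countermeasure (the article does not say which technique went into GnuPG). It assumes a constructed toy RSA key and treats the operand of each table multiplication as the "leak"; all function names are hypothetical.

```python
import secrets
from math import gcd

# Constructed toy RSA key from two Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**31 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def fixed_window_pow(base, exp, mod, w=4, trace=None):
    """Fixed-window (m-ary) exponentiation; trace collects multiply operands."""
    # The trace is this example's stand-in for the data-dependent values the
    # article says show up in the emanations (a model, not a measurement).
    table = [1] * (1 << w)
    for i in range(1, 1 << w):
        table[i] = table[i - 1] * base % mod      # table[i] = base**i mod n
    acc = 1
    windows = (exp.bit_length() + w - 1) // w
    for k in reversed(range(windows)):
        for _ in range(w):
            acc = acc * acc % mod                 # w squarings per window
        idx = (exp >> (k * w)) & ((1 << w) - 1)   # secret key-bits window
        acc = acc * table[idx] % mod              # always multiply, even by 1
        if trace is not None:
            trace.append(table[idx])
    return acc

def decrypt_plain(c, trace=None):
    """Unblinded: every operand is a power of the sender-supplied ciphertext."""
    return fixed_window_pow(c, D, N, trace=trace)

def decrypt_blinded(c, trace=None):
    """Base blinding: exponentiate c * r^e for a fresh random r, then unblind."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    m_blinded = fixed_window_pow(c * pow(r, E, N) % N, D, N, trace=trace)
    return m_blinded * pow(r, -1, N) % N          # (c * r^e)^d = m * r mod n

def operand_traces(decrypt, c, runs=2):
    """Decrypt c several times and return (plaintexts, operand traces)."""
    out, traces = [], []
    for _ in range(runs):
        t = []
        out.append(decrypt(c, trace=t))
        traces.append(t)
    return out, traces
```

For one ciphertext, `decrypt_plain` produces the same operand trace on every run, made up only of powers of that ciphertext, while `decrypt_blinded` produces a different trace each run and still returns the same plaintext.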
I see more Lifelock ads for Beck, Rush and Hannity.
bfl
The military has had computers protected against this for decades. I believe they call it Tempest Shielding.
And how are THEY protected from hacks?
There’s no easy way to determine what process is causing a fluctuation in the CPU.
If you had enough processes running to max out the CPU it would be VERY difficult to sort anything out of the RF mess coming from it. A quiet CPU running a process would be like listening to someone walk across the floor in the apartment upstairs, a maxed out CPU would be like hearing the stomping feet of a dance party overhead...very hard to figure out what foot caused what stomp :-)
An SDR creating a mass of competing RF at the proper frequencies would also create problems for the snooper.
This is untrue. Think tinfoil hat.
IOWs a tinfoil hat.
Tempest, from the 1970s. Just goofle NACSEM 5100.
Nothing new here.
Physical access to your work site or computer can allow a number of attacks. The Evil Maid attack, and the hardware keyboard logger, are the most popular.
Physical security is, therefore, important. Keep your laptop in a safe when it is not in use.
The military has had computers protected against this for decades. I believe they call it Tempest Shielding.
++++
That is correct. Tempest.
Gotta get me a Tempest machine.
This sort of hacking is DPA and SPA - differential power analysis and simple power analysis. Cryptography Research Inc. has countermeasures for dealing with this.
I used them.
Here’s hoping Bibi has already slipped one into the One’s golf bag and got a hold of the evil one’s blackberry info.
here's a Tempest machine...
Nay, say! Tempest testing, certification, and field compliance surveys are the real deal. Even in the 1970s they were able to reconstruct what was displayed on the screen of a CRT terminal from about a mile away. Compliance to Tempest meant that the equipment used for reception and transmission of classified information had to be shielded according to standards and operated inside Faraday cages. ASR-33 teletypes were compliant while commercial grade CRTs were not.
One of my personal friends was an officer in the army in the 1980s; and, he got written up for using a commercial grade CRT in the signal center. He told me that the Tempest team entered the room and stated, "There is an unauthorized Hazeltine 1400 CRT in this room that is emitting classified information into the environment". They then laid screen-shots on a table which, sure enough, clearly exhibited information that was displayed on their CRT earlier in the day. The Tempest surveillance van was located off-post.
I had to use Tempest approved enclosures for computers on more than one government project.
TEMPEST is an acronym. It stands for Telecommunications Electronics Material Protected from Emanating Spurious Transmissions.
The definition covers both offensive and defensive electronic snooping.
Thank you for swerving into a good bit of my work in the early and mid 80s. I got to play with a TEMPEST certified Zenith Z-100. It was essentially an IBM PC with two processors and a $6500 price tag. I used it to test some classified modeling I was doing. The model wasn't classified but the data was.
The thing was built like a tank. The top was held in place by 64 screws. The saving grace was that it used eject-able Hard Disk packs. That meant that the machine was UNCLAS once the power was off and the HD removed.
Old Crow Ping
Please let me know if you want on or off the Old Crow ping list.
"Ceterum censeo 0bama esse delendam."
Garde la Foi, mes amis! Nous nous sommes les sauveurs de la République! Maintenant et Toujours!
(Keep the Faith, my friends! We are the saviors of the Republic! Now and Forever!)
LonePalm, le Républicain du verre cassé (The Broken Glass Republican)
I had a company in the 1980’s that sold high resolution video cards (none of the kids around today would believe that once computers only had eight colors). We got a nice contract with a local Air Force base for about 12 of these units.
Installing these cards was fairly complicated as you also had to install a paged memory card to have enough memory to work with. These units were all installed by the system that preceded ‘plug and play’ (curse and pray). As a result, we always included free installation and set-up.
I had a young kid working for me who was really good at installations. He had been at the base for about four hours when I received a call that went something like, “you gotta come out here and help me, I’m in real trouble.”
In addition to the tons of screws you spoke of, all these pieces of metal (netic I suppose) that shielded the innards went together like some kind of interlocking jigsaw puzzle. He was completely flummoxed as to how to get it back together.
As I had no idea either, I said let’s take another one apart and use it as a guide. He said, “wait a minute, I’ve got a Polaroid camera in my car, let me go get it and we’ll take pictures to use as a guide.”
With that, the blue suiters that were watching this circus sprung into action. A few minutes later a two striper showed up and quickly had the thing back together. He hung around and helped us finish the remainder.
Needless to say, it was my first and last experience with Tempest shielding - and just darn near a disaster.