Cheap Radio Device Can Steal Decryption Keys From Nearby Laptop

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Researchers at Tel Aviv University in collaboration with Israel’s Technion institute have created a palm-sized radio device that can capture decryption keys from laptops sitting just almost half a meter away (19in).

The new side-channel attack functions without tethering against RSA and ElGamal implementations in GnuPG open source encryption software and it is possible by intercepting electromagnetic emanations from the CPU of the targeted mobile computer device.

Device can be hidden in a pita bread
The cost of the radio device has been estimated at $300 / €270 and it can be built with readily available components: a Rikomagic controller, a piece of wire acting as an antenna and a FUNcube software defined radio (SDR).

A more professional variant would also include a data storage card, batteries and a WiFi antenna for sending data wirelessly to the attacker’s machine.

However, the researchers also show how such as device can be made using components commonly found in a household (a plain consumer-grade radio receiver).

The gadget created by the researchers was dubbed PITA (short for Portable Instrument for Trace Acquisition), in reference to the fact that the device can be concealed inside a pita bread.

During the experiment, it was possible to extract decryption keys in just seconds when non-adaptive ciphertext choice was involved.

Read more: http://news.softpedia.com/news/chea...cryption-keys-from-nearby-laptop-485065.shtml
 

Piteko21

Level 18
Verified
Top Poster
Well-known
Sep 13, 2014
874
Your computer is leaking information. It's not from the usual suspects: WiFi, Bluetooth or ethernet, but from radio waves originating from your processor. Researchers at Tel Aviv University and Israel's Technion research institute have built a $300 device that captures those electromagnetic waves and uses them to decrypt RSA and ElGamal data from up to 19 inches away. The PITA (Portable Instrument for Trace Acquisition) device is the size of (you guessed it) a pita and was built using off-the-shelf parts and runs on four AA batteries. The stolen data can be saved to the onboard microSD card or sent via WiFi to the attacker's computer. The team demonstrated the hack by extracting the keys from GnuPG. Fortunately, GnuPG was updated when the research paper was published to thwart the delicious-sounding PITA.

0623_pita2.jpg

This isn't the first time electromagnetic probing has been used to decipher encrypted data or that researchers have used unconventional methods to get into computers.

While the researchers jokingly placed the device in a pita, the reality is that someone could place one of these devices under the desk of a targeted subject to steal their encryption passkey. Fortunately, the researches alerted GnuPG developers about the attack and worked with them to adjust the software's algorithm. So you're safe for now. But keep a look out for errant pita sandwiches at the local Starbucks.


you can read the entire experience in detail here: https://www.tau.ac.il/~tromer/radioexp/
 
  • Like
Reactions: Venustus

comfortablynumb15

Level 7
Verified
May 11, 2015
326
People are lucky most researchers are this good about it. They could have easily just kept it hush hush and gave the information to the military or the highest buyer. Of course I'm sure the intelligence agencies already knew or are working on strengthening the technology.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top