The list of paranoia-inducing threats to your computer’s security grows daily: Keyloggers, trojans, infected USB sticks, ransomware...and now the rogue falafel sandwich.
Researchers at Tel Aviv University and Israel's Technion research institute have developed a new palm-sized device that can wirelessly steal data from a nearby laptop based on the radio waves leaked by its processor’s power use. Their spy bug, built for less than $300, is designed to allow anyone to “listen” to the accidental radio emanations of a computer’s electronics from 19 inches away and derive the user’s secret decryption keys, enabling the attacker to read their encrypted communications. And that device, described in a paper they're presenting at the Workshop on Cryptographic Hardware and Embedded Systems in September, is both cheaper and more compact than similar attacks from the past---so small, in fact, that the Israeli researchers demonstrated it can fit inside a piece of pita bread.
“The result is that a computer that holds secrets can be readily tapped with such cheap and compact items without the user even knowing he or she is being monitored,” says Eran Tomer, a senior lecturer in computer science at Tel Aviv University. “We showed it’s not just possible, it’s easy to do with components you can find on eBay or even in your kitchen.”
Their key-stealing device, which they call the Portable Instrument for Trace Acquisition (yes, that spells PITA) consists of a loop of wire to act as an antenna, a Rikomagic controller chip, a Funcube software defined radio, and batteries. It can be configured to either collect its cache of stolen data on an SD storage card or to transmit it via Wifi to a remote eavesdropper. The idea to actually cloak the device in a pita---and name it as such---was a last minute addition, Tomer says. The researchers found a piece of the bread in their lab on the night before their deadline and discovered that all their electronics could fit inside it.
The Tel Aviv researchers focused their attack on extracting the keys stored by GnuPG, an open source and widely used version of the encryption software PGP. They alerted GnuPG to their work in February, and an update to the software released at the same time as their paper is designed to protect against the attack. But they say their key-stealing method could be applied to other crypto systems that use RSA and ElGamal, the cryptographic algorithms integrated into GnuPG. Tromer says the group is also exploring whether the technique could be adapted and made more widely applicable, too, even allowing the theft of bitcoins by stealing the private keys created by users' "wallet" programs. Their paper includes recommendations for how cryptographers can alter software to better foil their radio key thieving mechanism.
The Israeli researchers' ability to steal data from unwitting computers' radio waves isn't exactly new: Computer scientists have known for decades that computers leak sensitive data in the form of radio emissions from their electromagnetic components. The Dutch security researcher Wim van Eck demonstrated back in 1985 that he could pick up the radio emissions of CRT monitors and reconstruct on-screen images. In 2008, German and Iranian researchers used a similar radio analysis trick to "listen" to the computations inside wireless key fobs and clone them to unlock cars and open garage doors.
But the Tel Aviv researchers' technique uses that same form of radio spying to target a laptop---a far more electromagnetically complicated target than a key fob or a monitor---and also to do it on the cheap. The team cleverly reduced the resources necessary for their attack by sampling the radio emanations from the processor only intermittently, while the chip does its decryption work of reading those emissions at a much faster frequency. PITA takes its samples at 100 kiloherz compared with the processor's 20,000-times-faster computation rate of two gigaherz. But by tricking the target into decrypting a carefully chosen message, they were able to "twist the algorithm's arm" into leaking more sensitive information, creating more clues in the leaked emanations for their PITA radio to pick up.1
"It’s like someone's reciting secrets in a room, and you only get to hear a syllable a day to try to reconstruct what they’re saying," says Tromer. "You can force that person in the room to always say one syllable over and over if the secret is 'zero,' and another syllable over and over if the secret is 'one'...That allows us to take a very low frequency sample and still extract information."
The notion of someone planting an eavesdropping device less than two feet away from a target computer may seem farfetched as an espionage technique---even if that spy device is concealed in a pita (a potentially conspicuous object in certain contexts) or a stealthier disguise like a book or trashcan. But the PITA attack represents a significant advancement from less than a year ago, when the same researchers released an attack that required the attacker to actually touch a laptop's metal components to pick up their charge.
Tromer says the team is now working on another upgrade that would allow much longer-distance snooping, though he declined to say more before the research's publication. If that more remote attack becomes practical, it could introduce the threat of radio-based crypto key theft through walls or floors---without even a telltale sandwich to warn the user their secrets are being stolen.
Read the researchers' full technical paper below.
Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation
1Correction 12:01 pm 6/23/2015: A typo in an earlier version of the story caused confusion about the rate of the PITA device's radio sampling versus the rate of a target laptop's computations.
