AES-256 keys sniffed in seconds using €200 of kit a few inches away

obviously...

The government needs to ban software defined radios.

All this shows is that the processor under test wasn't designed for security applications from the start.

Secure devices use constant current and constant time for all crypto operations, whether they need it or not, just to stymie this kind of analysis.

AES was not cracked, cut the click bait

A poor* implementation of AES permitted a side channel oracle attack on the key.

*That's not a criticism of the implementation. A non-poor implementation is really hard to achieve. A good implementation will not have a different profile between a correct and incorrect guess at part of the key.

Doe anyone know ....

.... what that large component with the adjustment knob is? (I thought it was a lab bench gas tap at first. It's many years since I saw one or used one but the memories came flooding back.)

I wonder ...

I wonder if your ISP supplied router/modem could be used to do the same thing, with all the raw data picked up by the router being sent back down the net to your local nerd branch of the security services? I'd probably say yes. These routers can already work with multiple vci/vpi settings so you can still have your throttled adsl connection, whilst your ip tv box can use different vci/vpi settings to deliver your online films or tv programmes from your various TV providers, a simple test is to download a largish Linux ISO a few GB in size which can be delivered at your maximum rated download speed, and then go watch a tv program or film using your ISP supplied tv box, you'll find you can do both unhindered. Then you could also have mesh network capabilities using the multiple wifi access points often hidden from the router interface which will detect your neighbouring wifi signals, and with technologies like wifi Beam forming, not only is it possible to direct wifi signals to some degree to maximise performance to your device, its possible to use radio frequencies to track an individual moving around by detecting the radio frequencies that are reflected back to the router and detecting the omissions for the RF that gets absorbed by the body as noted by a recent-ish MIT paper documenting how wifi can be used to track people. Plus when you consider how easy it is to build wifi into a little cpu like those seen in Raspberrypi's, not to mention your smart phone, one can only conclude its more big brother than most people realise, when considering the above abilities whilst people travel around on their day to day business carrying their personal tracking device.

Of course getting the password for any form of encryption can be made a step in a process, by breaking up encrypted file with random data so the intended receiver has to use brute force to crack and decrypt the file. So whilst it might take the intended receiver say 5 or 10mins to brute force crack the file, scale that brute force cracking task up for the spooks who want to brute force crack multiple files and then time can be on your side, unless of course your OS just reports back every password when the encryption api's are used, which would be easier, or system updates and other background tasks are used to brute force crack files when given a portion of a password file. Perhaps security researchers should test their OS's for that functionality at the OS and HW level, it could be a profitable law suite at breaking up the hegemony of the US tech sector if such technologies can be proved to exist.

So, to clarify...

For this cunning plan to work the attacker

1) needs to get pretty darn close to the target machine without anyone noticing (Gyood mornink, tovarich, Do you mind if I put my large briefcase that goes ping next to your computer?)

2) Needs to know what sort of processor etc the target is using, so that it can run the initial work 'on a test rig' (Oh, I seem to have lost my car keys, can we take the case off your computer so I can check they haven't fallen inside?)

3) Needs a radio quiet environment (could you just power down the rest of the building for a few minutes, I'm having trouble getting a signal on my phone?)

Interesting, but not exactly a major real-world threat.

And that's exactly the reason ....

... a nearby microwave oven can Hack into your computer system.

Genuine Question

Could this be defeated by running a randomised workload when encryption / decryption is taking place? Perhaps even perform parallel decryption / encryption using nonsense keys and nonsense data, lock-stepped to the genuine task.

Or, if the server if sufficiently shielded, would an RF white-noise generator defeat the snooping?

How Practical

The distance, a couple of meters, indicates the technique needs to be used by someone very close. As one noted, inside a coffeeshop is more likely. Also, the demo had a relatively clean RF environment and in the real world RF interference could be a problem.

Now lets put that in perspective...

FoxIT is one of those "security" companies working for the Dutch agencies.

This works via the magnetic field near to the device, so it's very limited in reach. It's hard to shield as you need ferromagnetic shielding for this, but it also won't reach very far, anyhow. So in any case, you need that device under your control. You can do loads of stuff in that scenario.

So, if you combine that, the obvious use for this is the following:

You have an "encrypted" mobile phone of your "suspect". Instead of having to ask them for the PIN, you can now simply sniff the key... and you don't even need to disassemble the device. All you need to do is apply a coil to a model specific position at the phone, then wait a minute in which you can also get the IMSI via an IMSI catcher. All of that works quickly enough to get the encryption keys during a normal "random search".

"those "security" companies working for the Dutch agencies."

"someone very close. As one noted, inside a coffeeshop is more likely."

hmmm.

I'd buy that for a dollar

Sorry I meant $200

Worried about all this? you may be interested in purchasing one of my lead lined laptop cases very reasonably priced at £500. The first one hundred customers will also receive a free tin foil hat (RRP £400).

And in the same El Reg page, there's the solution ...

2FA (as discussed re: HoC "hack")

Déjà viewer

In other news, the BBC has a rusty Transit van with a bent coat hanger on the roof that can tell what TV channel you're watching.

Couldn't this sort of attack be defeated simply by putting the processor, memory, power supply, and some sort of UPS (maybe with some sort of randomized power intake algo) inside a faraday cage? Such a cage could be built as a desktop computer case, I suppose. And, if the designers for the UPS were clever enough they could probably combine it with the power supply into a package small enough to fit in the same spot a typical power supply would go.

I suppose one could then read the thermal output of the cooling system, but it seems like that would be pretty easy to randomize by introducing delays and dumps.