back to article AES-256 keys sniffed in seconds using €200 of kit a few inches away

Side-channel attacks that monitor a computer's electromagnetic output to snaffle passwords are nothing new. They usually require direct access to the target system and a lot of expensive machinery – but no longer. Researchers at Fox‑IT have managed to wirelessly extract secret AES-256 encryption keys from a distance of one …

  1. Jack of Shadows Silver badge

    I'm not even surprised.

    As long as energy is dissipated from the system under examination while the key is in use, which by the Second Law of Thermodynamics will happen in some form, you can discover that key. True, it may be extremely difficult but given our rate of technological advancement, you are merely delaying the inevitable. Offense v. defense, always cheaper for the offense, if anyone is keeping score. I do, obviously given engineering and economics background.

    It may hit us fast, singularity occurring, or the slow process of social change, but it will happen that all information is free or, perhaps, at a modest charge.

    1. Anonymous Coward
      Anonymous Coward

      Re: I'm not even surprised.

      You shouldn't be surprised. It's nothing new. Circa 2001 for FIPS level 2 and above cryptographic modules require measures to eliminate unintentional radio emissions that can be used to compromise the system. Don't even think about taking the shielding off the really high end crypto gear. The anti tamper mechanism will fry the workings in a rather spectacular way. At the national security level some contain thermite and others go for protective detonation.

      1. MacroRodent Silver badge

        Re: I'm not even surprised.

        The anti tamper mechanism will fry the workings in a rather spectacular way. At the national security level some contain thermite and others go for protective detonation.

        Seriously? That sounds like the something out of Mission Impossible.

        1. allthecoolshortnamesweretaken Silver badge

          Re: I'm not even surprised.

          "Seriously? That sounds like the something out of Mission Impossible."

          Yes, I was wondering about that, too.

          However, I must confess that I really like the term "protective detonation".

    2. TechnicalBen Silver badge

      Re: I'm not even surprised.

      The latest (next release?) AMD chips/memory controllers will allow real time memory encryption. This may help future devices. As you would need to also gain that key (or reverse engineer some method of "guessing" it). This would, I assume, mean each bit will have different power draws each boot as it will be given a different method of encoding each time.

      1. TechnicalBen Silver badge

        Re: I'm not even surprised.

        Why 4 thumbs down for the memory encryption at runtime off a "trusted" enclave on AMD chips?

        Is it because this type of attack could also get that trusted key?

        Is it because this type of attack is agnostic to encrypted memory?

        Or is it because people are downvoting me for no reason?

        1. Anonymous Coward
          Anonymous Coward

          Re: I'm not even surprised.

          Intel's marketing team work Sundays?

        2. Sanctimonious Prick
          Happy

          Re: I'm not even surprised.

          @TechnicalBen

          Fourth rule of posting: don't complain about downvotes!

          1. TechnicalBen Silver badge

            Re: I'm not even surprised.

            True. But I'm honestly asking... is this something encrypted memory and/or encryption cycling (by the time they get one key, you've generated a new one) could help prevent?

            If a bit is "high" one moment, then "low" the other, how do you know if it was a 1 or a 0, when it is cycling through encoding methods... though at the byte level this may still be sniffable.

            I suppose I could sit down and do the maths, but it makes my head hurt...

          2. Kiwi Silver badge
            Pint

            Re: I'm not even surprised.

            Fourth rule of posting: don't complain about downvotes!

            I though that was the 1st rule - "Don't talk about downvotes".

            But the fifth rule clear is "don't tell people about the 4th rule".

      2. CheesyTheClown

        Re: I'm not even surprised.

        Real-time memory encryption in server is a generally bad idea for a multitude of reasons.

        1) It's a false sense of security. People will believe it offers some level of protection... it doesn't.

        2) The memory controller would have to be issued keys from within each each session. These keys are theoretically shielded from the host system. If the guest operating system implements this technology... kudos for them. It means that direct attacks from VM to VM are taken care of.

        3) Drivers loaded on the guest VM will have access to the encrypted memory as they run in kernel mode on the guest VM. This means virtual network, disk and graphics adapters will be able to access memory as unencrypted or issue memory requests to MMU to get access to whatever they want. So, a compromised driver can be an issue. If you read the source code for e1000, VirtIO Ethernet, VMXNET3 drivers in the Linux Kernel, you'll see that they aren't exactly hardened drivers for security. They're good device drivers, but VMXNET3 for example looks very pretty in code format, but that's because it's not particularly bogged down with silly things like bounds checking code.

        4) "Bridges" used for performing remote execution on guest VMs will generally have to be available since this is how automation systems work. So, Powershell Remoting (WMI/OMI), QEMU Monitor Protocol, KVM Network Bridge, PowerCLI, etc... all offer methods of performing RPC calls on guest VMs from the host and in many circumstances, directly at the kernel level.

        5) Hardware hairpinning is an option as well. PCIe (unlike PCI and older devices) operate entirely on memory mapped I/O (MMIO) which means that all communications with the system and with system memory are performed by using memory reads and writes. In bare metal hypervisors with proper hardware such as Cisco VIC, nVidia GPUs ,etc... the hardware is programmable, partitionable, and can execute code. An example would be to log into the Cisco VIC adapter via out of band management and run show commands for troubleshooting. The iSCSI troubleshooting commands in particular are quite powerful and would easily allow issuing memory reads and writes on the fly from a command line interface. In order to honor them, the MMU in the CPU would have to decrypt the requested memory. Of course, the MMU and OS driver could mark pages appropriately to allow access-lists on individual protected pages. But that's mute when we see point 6)

        6) RDMA provides a means of extending system memory from server to server. This works by mapping regions of physical memory in each server to be accessed by hardware from other systems over devices like RDMA over Ethernet NICs or Infiniband HCAs. High performance systems like HPC systems, high performance file servers (like Windows with SMB Direct) and high performance Hypervisors like KVM and Hyper-V (ESXi is very notably not part of this as it sacrifices high performance for high compatibility) perform live migration over RDMA where possible. While it is theoretically possible to move the guest machines in encrypted states, it would be necessary to carry enough information from one server to the other during a migration to provide a decryption key in the new host to access the VM memory as it is moved. That means the private key would have to either be transferred in clear text or would have to be renegotiated through an hypervisor hosted API... providing a new key in clear text to the hypervisor...if only briefly.

        The intent of encrypted memory was really really awesome, but extremely poorly thought out. It could have some benefits in places like containers where individual containers could be shielded from the host OS and they don't migrate. But there would still be critical issues with regards to where the decryption keys reside. Also, as containers generally ARE NOT bare metal, so the keys would have to reside on the container host instead.

        Thanks for bringing this topic up though. Make sure you tell everyone who intends to depend on encrypted memory that it's at least 10 years and several Windows, Linux, Docker and hardware generations off from being meaningful. But make sure to tell them they should bitch to their vendors to make them support it ASAP. It will require an entire ecosystem (security in layers) approach to make this happen.

    3. Oh Homer Silver badge
      Headmaster

      Definitely not new

      See also: Tomorrow's World circa 1985.

      1. DougS Silver badge

        There are ways around this

        These types of attacks have been known for years, as has the defense. At the cost of some energy efficiency, the hardware can calculate results for both a '0' and '1' in each bit of the key, and throw away the result it doesn't need.

    4. Anonymous Coward
      Anonymous Coward

      "The entire cost of the setup was less than €200"

      With or without VAT?

    5. Destroy All Monsters Silver badge
      Holmes

      Re: I'm not even surprised.

      Well, you can always redesign the chip to obfuscate its energy usage,

      Here for example, from 2003 (paywallyed): Masking the energy behavior of DES encryption [smart cards]:

      Smart cards are vulnerable to both invasive and non-invasive attacks. Specifically, non-invasive attacks using power and timing measurements to extract the cryptographic key has drawn a lot of negative publicity for smart card usage. The power measurement techniques rely on the data-dependent energy behavior of the underlying system. Further, power analysis can be used to identify the specific portions of the program being executed to induce timing glitches that may in turn help to bypass key checking. Thus, it is important to mask the energy consumption when executing the encryption algorithms. In this work, we augment the instruction set architecture of a simple five-stage pipelined smart card processor with secure instructions to mask the energy differences due to key-related data-dependent computations in DES encryption. The secure versions operate on the normal and complementary versions of the operands simultaneously to mask the energy variations due to value dependent operations. However, this incurs the penalty of increased overall energy consumption in the data-path components. Consequently, we employ secure versions of instructions only for critical operations; that is we use secure instructions selectively, as directed by an optimizing compiler. Using a cycle-accurate energy simulator, we demonstrate the effectiveness of this enhancement. Our approach achieves the energy masking of critical operations consuming 83% less energy as compared to existing approaches employing dual rail circuits.

  2. I just wish to be anonymous.

    If it's engineered, it can be reversed.

    1. DryBones
      Trollface

      If it can be reversed, it can be Rockforded!

    2. Old Used Programmer

      Through a Lens, darkly...

      Thank you E. E. "Doc" Smith. Where are the Arisians when we need them?

      1. Peter Gathercole Silver badge

        Re: Through a Lens, darkly...

        Not even a Lens protects you forever.

        IIRC, there were 'dark' lenses appearing by the time of "Children of the Lens", so even the Lens was reverse engineered.

        The Arisians always knew from their 'Vision of the Cosmic All' that they were not the ultimate lifeform. That is why they force-evolved and then passed the mantle on to the Kinnision clan.

  3. John Smith 19 Gold badge
    Unhappy

    In effect "traffic analysis" applied at the bus level.

    This may be either quite easy or quite difficult to counter.

    Basically you need to keep a constant(ish) power level in the system. If that's possible then it will be more difficult to pick the signal out of the noise. Keep the data paths filled with dummy data so there are no (or quite shallow) spikes in the noise.

    It's intriguing that they were able to chop the search space into byte size segments and thereby exclude a lot of it.

    Clever but depressing, give AES256 seemed pretty strong.

    1. elDog Silver badge

      Re: In effect "traffic analysis" applied at the bus level.

      Couldn't this power-fluctuation (or emanation) detection be easily masked by injecting random noise into the environment?

      1. Andrew Commons

        Re: In effect "traffic analysis" applied at the bus level.

        @elDog

        That's how you usually defeat traffic analysis.

    2. Voland's right hand Silver badge

      Re: In effect "traffic analysis" applied at the bus level.

      Basically you need to keep a constant(ish) power level in the system

      Not even that - your power level should not correlate with the encryption task. That will actually be the case if the system is doing enough other things. Makes up for an interesting argument against dedicated hardware.

      1. TRT Silver badge

        Re: In effect "traffic analysis" applied at the bus level.

        What kind of noise do you get from multicore / multiprocessor systems?

        1. Anonymous Coward
          Anonymous Coward

          Re: In effect "traffic analysis" applied at the bus level.

          Exactly. If you read the paper it looks like the target sits there idle and then performs rounds of encryption tasks that are monitored. I can only imagine an interrupt driven/multi-tasking system would make this 1000x more difficult (but clearly not impossible). No clean start and end to the encryption process to cleanly pull out of the air.

    3. Anonymous Coward
      Anonymous Coward

      Re: In effect "traffic analysis" applied at the bus level.

      This may be either quite easy or quite difficult to counter.

      Basically you need to keep a constant(ish) power level in the system. If that's possible then it will be more difficult to pick the signal out of the noise. Keep the data paths filled with dummy data so there are no (or quite shallow) spikes in the noise.

      Poisoning the well is a good approach, but I suspect the encryption signal will have some clear characteristics so it will not be enough to just add some random noise. You need to generate a number of dummy keys at the same time so that that noise shares the same characteristics with what you want to camouflage.

    4. Anonymous Coward
      Anonymous Coward

      Re: In effect "traffic analysis" applied at the bus level.

      @John Smith 19

      With crypto worth having stealing the key is often trivial when compared with breaking the cipher.

      1. John Smith 19 Gold badge
        Unhappy

        "With crypto worth having stealing the key is often trivial"

        AES is not a "public key " encryption system.

        If you have the key, an encrypted message with that key and an implementation of the cipher you apply the first two to the last and read the message.

        The advantage of a private key system is that to give equivalent protection the keys in a public key system have to be longer, hence (in principal) a private key is easier to remember.

        OTOH key management if you have to distribute them to lots of people is a PITA.

    5. Vic

      Re: In effect "traffic analysis" applied at the bus level.

      Clever but depressing, give AES256 seemed pretty strong.

      This isn't a breach of AES256, it's a breach of one implementation...

      Vic.

      1. Gotno iShit Wantno iShit

        Re: In effect "traffic analysis" applied at the bus level.

        That's what I see too but your downvoter clearly sees different. In this attack the attacker is in control of the target hardware and the code running on it. I'm struggling to see the connection between this and the scenario in the picture on page 2 of the linked PDF.

  4. Phil Endecott Silver badge

    "AMD" is a typo, right? Should be "ARM" coretex m3 I think.

    If it actually is an AMD (i.e. x86) chip that they've managed to observe in this way I am very impressed.

    1. Mike 125

      ARM

      ARM, yes indeed, so embedded.

      Most of the focus on securing high end embedded devices in e.g. smart cards, is now about disguising crypto activity. Such an application avoids using CPU crypto instructions (of which ARM has many). It will just wait on a reply from the dedicated crypto block, which is designed to emit a constant/ pseudo random noise and current consumption signature.

  5. MD Rackham

    The headline lies about the actual content of the story. The 50 second time is for kit 30 cm away. The one metre time was 5 minutes.

    Changing the headline to "You won't believe how long it took to crack an AES-256 password!" would be more ethical clickbait.

    1. Aqua Marina Silver badge

      Try not to read this in a Liam Neeson voice.

      I don't know who you are. I don't know what you want. What I do have are a very particular set of skills, skills I have acquired over a very long career. Skills that make me a nightmare for people like you. If you post a link to a clickbait article, I will look for you, I will find you, and you won't believe what happens next!

      1. Message From A Self-Destructing Turnip

        Re: Try not to read this in a Liam Neeson voice.

        Well, somebody's fin rot is making them grumpy!

    2. Kiwi Silver badge
      Headmaster

      The headline lies about the actual content of the story. The 50 second time is for kit 30 cm away. The one metre time was 5 minutes.

      Well... 30cm would be around 12" I guess, which is "just a few" depending on your frame of reference (a 5 mile wide asteroid missing by 12" would be "just a few" or "mere inches" in any ones language, however cutting a 6ft beam short by 12" would be a "hell of a lot").

      And 5 minutes is comprised of 300 seconds. </pedant>

      1. MD Rackham

        The headline has been altered from when it first went up.

        It was originally "a metre away" which is 3x the 30 cm the article discusses. The current headline of "a few inches" is better. Still misleading, but not something I would have commented on.

    3. phuzz Silver badge

      Fifty seconds or three hundred, compared to a brute force attack they're both basically instant.

    4. Commswonk Silver badge

      @ M D Rackham: ...ethical clickbait.

      My oxymoron alarm has just gone off.

  6. Herby Silver badge

    Meanwhile...

    Amazon reports that a multitude of software defined radios have been ordered by someone near Ft. Meade VA, along with antennas with sensitive amplifiers.

    1. allthecoolshortnamesweretaken Silver badge

      Re: Meanwhile...

      False flag, probably - my sources tell me that the guys you're thinking of are mostly using a P.O. box in Weehawken, NJ for that sort of thing.

  7. Anonymous Coward
    Pint

    How well was the PC prepared?

    Sure I'm skeptical. Thing is: I once build my PC myself and bought myself a solid tower housing. It's all solid metal, kept on using this for years. Faraday cage anyone?

    A few months back I had to dispose of an old (non-working) 4U Dell PowerEdge. The metal casing alone weighed around 20kg. Again: Faraday cage anyone?

    1. Old Used Programmer

      Re: How well was the PC prepared?

      I hate to tell you, but the leakage will go through smaller holes are the frequency goes up. All case have holes in them. At the very least, for cooling fans. An all metal case should has less EM leakage, but there will still be some.

      1. Charles 9 Silver badge

        Re: How well was the PC prepared?

        Even a TEMPEST-rated case?

        1. TrumpSlurp the Troll Silver badge

          Re: How well was the PC prepared? TEMPEST?

          IIRC they stopped building TEMPEST PCs when the general reduction in power usage and radiation from standard PCs met the TEMPEST requirements unmodified.

          Perhaps it is time to revisit this, or perhaps the detection distance means that if you can get that close you have already breached physical security to an extent that eavesdropping is the least of your worries.

          A solution that could be used in tables at coffee houses, perhaps, to steal customers keys then snoop. However what is the cost/benefit?

          1. John Brown (no body) Silver badge
            Black Helicopters

            Re: How well was the PC prepared? TEMPEST?

            A solution that could be used in tables at coffee houses, perhaps, to steal customers keys then snoop. However what is the cost/benefit?"

            Just keep an eye out for the man in the trench coat with a white carnation buttonhole using his laptop then you go up and take his order, being careful to make sure the process takes at least a few minutes.

          2. Stuart Halliday

            Re: How well was the PC prepared? TEMPEST?

            I think I'd notice a 10" loop aerial lying around...

          3. This post has been deleted by its author

        2. Kiwi Silver badge

          Re: How well was the PC prepared?

          Even a TEMPEST-rated case?

          Where do you buy them? DDG, Google, Amazon - nada. the only reference is a /. post back in 1999!

      2. Mage Silver badge

        Re: How well was the PC prepared?

        Fine mesh over the holes works. The SDRs only work up to 1.7GHz away even that would allow larger holes than on a perforated Sky dish. (Small enough so it looks solid at 12.6GHz, but poor reflector at 20GHz). C band "Mesh"/Perforated dishes have bigger holes as maximum is less than 4.5GHz.

        A lot of gear is badly screened, shielded or filtered. The FCC and CE RFI tests are both too lax and also often not realistic test scenarios (RFI from electronic ballasts or SMPSU radiated by lighting wiring that tends to be a loop, "power line ethernet" that are really transmitters and pass by only testing one or having no data). Sometimes after the FCC / CE approvals are obtained they leave out the filter parts to save money as there is little to zero in market retail sales testing.

    2. Phil Endecott Silver badge

      Re: How well was the PC prepared?

      > How well was the PC prepared?

      It's not a PC. Look at the picture. It's a little board with a microcontroller on it, It's not in a box.

      It has an ARM coretex m3 processor and a load of FPGA logic. Google "SmartFusion2".

      1. Stuart Halliday

        Re: How well was the PC prepared?

        Lots of kitchen foil and stickyback plastic Blue Peter style required?

  8. Adam 1 Silver badge

    obviously...

    The government needs to ban software defined radios.

    1. Flocke Kroes Silver badge

      Re: obviously...

      Have you listened to our government recently? If May finds out, she will make software defined radios mandatory along with software to make them accessible by anyone over the internet.

      1. TRT Silver badge

        Re: obviously...

        No, she'll just ban encryption.

      2. Anonymous Coward
        Anonymous Coward

        Re: obviously...

        She will probably ban software. Its easier that way. And it is a "soft" target. Followed up by banning pencils and paper, then reading and writing - after all, someone might draw a porno pic. Perhaps she is planning a secret coalition with Boko Haram.

        Vote May: Fight for the right to be illiterate!

        1. Anonymous Coward
          Anonymous Coward

          Re: obviously...

          She will probably ban software.

          Given the way she's turning back the clock on social advances it's more likely she'll ban electricity and makes us all go back to candles.

  9. Rustbucket

    All this shows is that the processor under test wasn't designed for security applications from the start.

    Secure devices use constant current and constant time for all crypto operations, whether they need it or not, just to stymie this kind of analysis.

    1. Anonymous Coward
      Anonymous Coward

      What about in portable applications where consistent power (or even power altogether) cannot be guaranteed?

      1. Kiwi Silver badge
        WTF?

        What about in portable applications where consistent power (or even power altogether) cannot be guaranteed?

        I think if power goes off to the machine, there ain't gonna be a lot of spurious radio waves emanating from it to be detected.

  10. Adam 1 Silver badge

    AES was not cracked, cut the click bait

    A poor* implementation of AES permitted a side channel oracle attack on the key.

    *That's not a criticism of the implementation. A non-poor implementation is really hard to achieve. A good implementation will not have a different profile between a correct and incorrect guess at part of the key.

    1. bazza Silver badge

      Re: AES was not cracked, cut the click bait

      Indeed. I feel they set this up to succeed.

      Nothing wrong with that of course, but it would have been far more impressive had they pulled off the same trick against an x86 server running a busy workload as well as doing crypto operations. There would be far more background noise to obscure a useful signal. Also due to the mixed workload there's not likely to be an obvious signal to latch onto in the first place. And it'd have a metal case.

      Therefore I don't see this result leading to any changes in practices. If there's someone who can get within a couple of meters of one's infrastructure then you've already got a problem. Installing a keyboard logger or something else like that sounds more productive for the attacker.

      1. Mike 125

        Re: AES was not cracked, cut the click bait

        >> but it would have been far more impressive had they pulled off the same trick against an x86 server running a busy workload

        Indeed, but that's not the application at hand. Crypto is increasingly being done on small systems, smart cards, access control, IoT applications, etc. That's where the problem lies. So it's not clickbait, it's a real issue.

        1. Adam 1 Silver badge

          Re: AES was not cracked, cut the click bait

          > So it's not clickbait, it's a real issue.

          I think you have missed the point on why I have called it out as click bait.

          Just because something is a real issue doesn't mean it isn't misdescribed or exaggerated in order to get you to read something. That an implementation of AES can be oracle"d this way is very serious.

          AES is a description of what should be done to a byte stream to encrypt a secret with a key and how to get that byte stream back knowing the key. For a crypto algorithm to be broken means that I am able to decode the byte stream cheaper than attempting every possible key in the keyspace.

          As far as I am aware*, AES is still not broken, and this technique, whilst novel and even significant, shows a faulty implementation of AES, not a fault in AES generally.

          *if some TLA does crack it then don't expect them to scream it from the roof top.

          1. Adam 1 Silver badge

            Re: AES was not cracked, cut the click bait

            And I should acknowledge the title has been corrected (thanks) from "AES-256 crypto cracked in 50 secs using €200 of kit one metre away" to "AES-256 keys sniffed in seconds using €200 of kit a few inches away". If you didn't see the original headline then my comment definitely seems unreasonable. Wayback machine caught the original.

      2. defiler Silver badge

        Re: AES was not cracked, cut the click bait

        "If there's someone who can get within a couple of meters of one's infrastructure then you've already got a problem."

        You could very easily be in a shared data hall in a commercial datacentre. If security is paramount them you'll have a separate room or a cage, but most companies don't need the scale to run their own buildings. That leaves you open to others in the same room getting pretty close to your kit.

        However, given the nature of this attack, in a noisy server room you'll be bloody lucky to discern a single signal. For now.

        Maybe that's a justification for blade servers - pack the components tighter to blend the EM noise.

        1. Steve Davies 3 Silver badge

          Re: AES was not cracked, cut the click bait

          How many WiFi systems can you see from your home? You really don't need to be up close but given a bit of time (like when you are out at work, pub, mistress etc) your bit of kit can be hooveing up enough information to get the crack.

          Now, just rent an office close to a competitor, setup the kit and walk away. In a few days, I'm sure that you will be able to see all those lovely emails in nice plain text.

          1. Stuart Halliday

            Re: AES was not cracked, cut the click bait

            Ah. So not an electronics man?

        2. John Brown (no body) Silver badge

          Re: AES was not cracked, cut the click bait

          "However, given the nature of this attack, in a noisy server room you'll be bloody lucky to discern a single signal. For now."

          Radio astronomers are pretty good at sorting out a relevant signal from all the others. Likewise the guys still talking to Voyager.

      3. Mage Silver badge

        Re: AES was not cracked, cut the click bait

        But most of the worlds encryption users are now running ARM based phones or tablets. The majority of x86 are either work related laptops or in server rooms and now seriously outnumbered by ARM based gadgets etc.

        1. bazza Silver badge

          Re: AES was not cracked, cut the click bait

          @Mage,

          But most of the worlds encryption users are now running ARM based phones or tablets. The majority of x86 are either work related laptops or in server rooms and now seriously outnumbered by ARM based gadgets etc.

          Whilst that's true, there's still an effort / reward balance to be considered.

          Look at Oyster cards on the London Underground. Are they the ultimate in security, the most impenetrable of contactless subway ticketing, proof against nation states and even capable amateurs? No. Do they need to be? Not really, it costs more to clone / hack one than the cost of just paying the fare.

          So yes, it might be that someone could build a sniffer the size of a ruck sack, and start picking apart keys on random communications decrypted by crypto co-processors commonly found on, say, ARM SOCs in phones on the tube, in a coffee shop, or IoT devices in someone's home, etc. But to what purpose? I don't really see the point. It'll still be a needle in a haystack, and even if a phone is only moderately well screened (like they probably are to pass EMC accreditation), there's little prospect of being able to make anything of it.

          Certainly if it ever became a problem it's so easy to counter it.

  11. frank ly Silver badge

    Doe anyone know ....

    .... what that large component with the adjustment knob is? (I thought it was a lab bench gas tap at first. It's many years since I saw one or used one but the memories came flooding back.)

    1. Anonymous Coward
      Anonymous Coward

      Re: Doe anyone know ....

      Just some sort of height/angle adjustable stand used to hold the antenna in place. A re-purposed mike stand perhaps - or maybe a dedicated laboratory stand.

  12. John Smith 19 Gold badge
    Coat

    So that's what "Pointless Albatross" is.....

    I know.

  13. Anonymous Coward
    Anonymous Coward

    I wonder ...

    I wonder if your ISP supplied router/modem could be used to do the same thing, with all the raw data picked up by the router being sent back down the net to your local nerd branch of the security services? I'd probably say yes. These routers can already work with multiple vci/vpi settings so you can still have your throttled adsl connection, whilst your ip tv box can use different vci/vpi settings to deliver your online films or tv programmes from your various TV providers, a simple test is to download a largish Linux ISO a few GB in size which can be delivered at your maximum rated download speed, and then go watch a tv program or film using your ISP supplied tv box, you'll find you can do both unhindered. Then you could also have mesh network capabilities using the multiple wifi access points often hidden from the router interface which will detect your neighbouring wifi signals, and with technologies like wifi Beam forming, not only is it possible to direct wifi signals to some degree to maximise performance to your device, its possible to use radio frequencies to track an individual moving around by detecting the radio frequencies that are reflected back to the router and detecting the omissions for the RF that gets absorbed by the body as noted by a recent-ish MIT paper documenting how wifi can be used to track people. Plus when you consider how easy it is to build wifi into a little cpu like those seen in Raspberrypi's, not to mention your smart phone, one can only conclude its more big brother than most people realise, when considering the above abilities whilst people travel around on their day to day business carrying their personal tracking device.

    Of course getting the password for any form of encryption can be made a step in a process, by breaking up encrypted file with random data so the intended receiver has to use brute force to crack and decrypt the file. So whilst it might take the intended receiver say 5 or 10mins to brute force crack the file, scale that brute force cracking task up for the spooks who want to brute force crack multiple files and then time can be on your side, unless of course your OS just reports back every password when the encryption api's are used, which would be easier, or system updates and other background tasks are used to brute force crack files when given a portion of a password file. Perhaps security researchers should test their OS's for that functionality at the OS and HW level, it could be a profitable law suite at breaking up the hegemony of the US tech sector if such technologies can be proved to exist.

    1. Anonymous Coward
      Anonymous Coward

      Re: I wonder ...

      Say wha?

  14. Pen-y-gors Silver badge

    So, to clarify...

    For this cunning plan to work the attacker

    1) needs to get pretty darn close to the target machine without anyone noticing (Gyood mornink, tovarich, Do you mind if I put my large briefcase that goes ping next to your computer?)

    2) Needs to know what sort of processor etc the target is using, so that it can run the initial work 'on a test rig' (Oh, I seem to have lost my car keys, can we take the case off your computer so I can check they haven't fallen inside?)

    3) Needs a radio quiet environment (could you just power down the rest of the building for a few minutes, I'm having trouble getting a signal on my phone?)

    Interesting, but not exactly a major real-world threat.

    1. uncommon_sense
      Pint

      BS Meter just exploded...

      >Interesting, but not exactly a major real-world threat.<

      Exactly!

      But TOMORROW a smartwatch with an SDR inside may be possible, and The Nerd Who Cried Wolf will have his day!

      Doesn't stop him from being an irritating dweeb in the meantime, though..

      As the admin said in Wargames:

      "Mr. POTATOHEAD!

      Mr. POTATOHEAD!!!"

    2. dew3

      Re: So, to clarify...

      "Interesting, but not exactly a major real-world threat."

      ...said the power plant operator, certain that his systems were not vulnerable to computer viruses because they were air-gapped from the network. Then someone found a really nice USB stick someone dropped in the parking lot...

      The target isn't going to be data center servers, but laptops in coffeehouses, Apple pay, et al.

  15. Anonymous Coward
    Anonymous Coward

    And that's exactly the reason ....

    ... a nearby microwave oven can Hack into your computer system.

    1. Mystic Megabyte Silver badge
      Happy

      Re: And that's exactly the reason ....

      ".. a nearby microwave oven can Hack into your computer system."

      Don't be silly, we all know that microwave ovens are really cameras :)

  16. Shady

    Genuine Question

    Could this be defeated by running a randomised workload when encryption / decryption is taking place? Perhaps even perform parallel decryption / encryption using nonsense keys and nonsense data, lock-stepped to the genuine task.

    Or, if the server if sufficiently shielded, would an RF white-noise generator defeat the snooping?

    1. Anonymous Coward
      Anonymous Coward

      Re: Genuine Question

      by running a randomised workload

      Or watching porn videos - the perfect justification!

  17. a_yank_lurker Silver badge

    How Practical

    The distance, a couple of meters, indicates the technique needs to be used by someone very close. As one noted, inside a coffeeshop is more likely. Also, the demo had a relatively clean RF environment and in the real world RF interference could be a problem.

  18. Christian Berger Silver badge

    Now lets put that in perspective...

    FoxIT is one of those "security" companies working for the Dutch agencies.

    This works via the magnetic field near to the device, so it's very limited in reach. It's hard to shield as you need ferromagnetic shielding for this, but it also won't reach very far, anyhow. So in any case, you need that device under your control. You can do loads of stuff in that scenario.

    So, if you combine that, the obvious use for this is the following:

    You have an "encrypted" mobile phone of your "suspect". Instead of having to ask them for the PIN, you can now simply sniff the key... and you don't even need to disassemble the device. All you need to do is apply a coil to a model specific position at the phone, then wait a minute in which you can also get the IMSI via an IMSI catcher. All of that works quickly enough to get the encryption keys during a normal "random search".

  19. Anonymous Coward
    Anonymous Coward

    "those "security" companies working for the Dutch agencies."

    "someone very close. As one noted, inside a coffeeshop is more likely."

    hmmm.

  20. JeffyPoooh Silver badge
    Pint

    Thirty-odd years ago...

    There was a game for the Tandy Radio Shack TRS-80 Model 3 (not to be confused with the Model 1 in various "Levels") which included a musical soundtrack, to be heard through a nearby AM radio. It might have been "13 Ghosts", or similar.

    Point being, the EMI was under programmer's control, and independent of other game functions.

    Modern interpretation would be that the supposed key extracted by EM radiation should be a very rude phrase in ASCII, and not the actual key.

  21. Duffaboy

    I'd buy that for a dollar

    Sorry I meant $200

  22. hatti

    Worried about all this? you may be interested in purchasing one of my lead lined laptop cases very reasonably priced at £500. The first one hundred customers will also receive a free tin foil hat (RRP £400).

  23. Anonymous Coward
    Anonymous Coward

    And in the same El Reg page, there's the solution ...

    2FA (as discussed re: HoC "hack")

  24. Phil the Geek

    Déjà viewer

    In other news, the BBC has a rusty Transit van with a bent coat hanger on the roof that can tell what TV channel you're watching.

    1. Anonymous Coward
      Anonymous Coward

      Re: Déjà viewer

      That used to be true - when analogue signals were used, it was possible to pick up the output of the local oscillator and determine what frequency it was running at (i.e. what channel it was demuxing).

  25. MeRp

    Couldn't this sort of attack be defeated simply by putting the processor, memory, power supply, and some sort of UPS (maybe with some sort of randomized power intake algo) inside a faraday cage? Such a cage could be built as a desktop computer case, I suppose. And, if the designers for the UPS were clever enough they could probably combine it with the power supply into a package small enough to fit in the same spot a typical power supply would go.

    I suppose one could then read the thermal output of the cooling system, but it seems like that would be pretty easy to randomize by introducing delays and dumps.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019