Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stealing Smartphone Crypto Keys Using Radio Waves

Posted by timothy on from the rsa-rsa-rsa dept.

coondoggie writes "Encryption keys on smartphones can be stolen via a technique using radio waves, says one of the world's foremost crypto experts, Paul Kocher, whose firm Cryptography Research will demonstrate the hacking stunt with several types of smartphones at the upcoming RSA Conference in San Francisco next month."

9 of 37 comments (clear)

  1. New Phone Case. by Anonymous Coward · · Score: 5, Funny

    Great. Now I need a tin foil case for my phone too.

  2. Electromagnetic Where Exactly? by GreenTech11 · · Score: 4, Interesting
    TFA says that

    The radio-based device will pick up electromagnetic waves occurring when the crypto libraries inside the smartphone are used,

    , but I can't see how it could actually be detecting anything inside the smartphone as the waves emitted by the little electrons zipping around are hardly going to be detected, not to mention identifying those particular disturbances amongst everything else would be impossible. Is it actually detecting the stuff as the cellphone transmits/receives if then? I'm far from an expert in this, so any explanation would be great.

    --
    Laughter is the best medicine, except if you have a broken rib.
    1. Re:Electromagnetic Where Exactly? by russotto · · Score: 3, Informative

      It's a pretty typical side-channel attack. It's detecting the RFI emitted during computation, and using that to determine the key. So, yes, it's detecting the waves emitted by the little electrons zipping around inside the smartphone.

    2. Re:Electromagnetic Where Exactly? by sjames · · Score: 4, Interesting

      No, actually it IS radio waves from the little electrons zipping around in the phone being detected. Of course, little electrons zipping around are always involved in radio waves.

      You'd be amazed what signal processing can do, especially if you can also see in a video when the function your looking for was triggered.

      This is another example of Van Eck phreaking. It's so easy in some cases, it can be accidental. Back in the early '80s, I noticed the interference on channel 5 of the TV had a repeating pattern to it. As I studied it carefully, I realized it was the screensaver from my PC in the next room.

  3. Re:Van Eck side channel by Anonymous Coward · · Score: 4, Informative

    This is not a new attack. It's been known for decades - this is the attack the NSA codenamed HIJACK, I believe (or it may possibly be NONSTOP, I always get the two confused). I know GCHQ's CESG were aware of it too.

    Putting a radio transmitter next to something which may produce key-dependent interference (depending on, say, whether it's squaring (1) or multiplying (0) each bit of an RSA key) will yield a measurable interference pattern which leaks information about the keys.

    Countermeasures are surprisingly similar to acoustic emissions attacks and timing attacks: blinding; routines/hardware circuits which don't exhibit key-dependent behaviour; better shielding, particularly of the ground and Vcc planes for the TX circuit.

    Works for keyboards, too.

  4. Clever. I like it. by Anonymous Coward · · Score: 5, Informative

    So the CPU doesn't have a strong enough EM signal (note that all electronic processing generates EM waves) to send out the key processing details over any reasonable distance (tiny starting signal plus 1/r^2) . But it is a smartphone, and the CPU EM signal is strong enough to interfere with the (very!) nearby phone transmitter. And by examining that signal, you can tempest monitor the CPU from a much greater distance. Cool. The smartphone in effect has its own built in CPU EM signal amplifier.

    The hard bit is the details. You need the right equipment, and the right algorithms to extract the signal and then reconstruct the key.

  5. Actually, this is well known... by betterunixthanunix · · Score: 2

    This is a well known side channel attack; it is usually pretty hard to pull off for all the reasons you said, but apparently these researchers have overcome those obstacles. Usually these sorts of attacks are chosen plaintext or chosen ciphertext attacks, and you will look for particular changes in the EMI that comes out of the phone which can be correlated with the secret key. You will probably need to choose many plaintexts/ciphertexts for this attack to work, but a typical TLS session will probably be enough.

    --
    Palm trees and 8
  6. Re:Gives me hope.. by betterunixthanunix · · Score: 2

    The TPM can always be broken. It stores a secret key right there for you to take and use for your own purposes -- you just need to find a way to extract it from the device. Attacking the TPM is not really a crypto problem as much as it is a security engineering problem: how do you prevent people from reading data that is stored on a computer they control, while still allowing them to use that data.

    --
    Palm trees and 8
  7. Mod parent down by Prune · · Score: 4, Interesting

    If you've ever designed a circuit board where you had to worry about isolation of interference between sections and using groundplanes and filtering correctly, you'd know the trivial answer as to what is going on here and why your post is totally wrong: interference from the processor will cause some small modulation in the phone's radio circuits. Despite any shielding, there are multiple channels through which such interference is coupled inside a cellphone.

    --
    "Politicians and diapers must be changed often, and for the same reason."