Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Encryption Security Wireless Networking Technology

Stealing Smartphone Crypto Keys Using Radio Waves 37

Posted by timothy
from the rsa-rsa-rsa dept.
coondoggie writes "Encryption keys on smartphones can be stolen via a technique using radio waves, says one of the world's foremost crypto experts, Paul Kocher, whose firm Cryptography Research will demonstrate the hacking stunt with several types of smartphones at the upcoming RSA Conference in San Francisco next month."
This discussion has been archived. No new comments can be posted.

Stealing Smartphone Crypto Keys Using Radio Waves

Comments Filter:
  • by Anonymous Coward

    Breaking crypto with all these newer and newer tricks. So long as it's within the realm of possibility that my TPM can be broken, fear of DRM hath no hold on me.

  • by Anonymous Coward on Saturday January 28, 2012 @10:52AM (#38850013)

    Great. Now I need a tin foil case for my phone too.

  • by GreenTech11 (1471589) on Saturday January 28, 2012 @10:53AM (#38850019)
    TFA says that

    The radio-based device will pick up electromagnetic waves occurring when the crypto libraries inside the smartphone are used,

    , but I can't see how it could actually be detecting anything inside the smartphone as the waves emitted by the little electrons zipping around are hardly going to be detected, not to mention identifying those particular disturbances amongst everything else would be impossible. Is it actually detecting the stuff as the cellphone transmits/receives if then? I'm far from an expert in this, so any explanation would be great.

    • by russotto (537200) on Saturday January 28, 2012 @11:01AM (#38850049) Journal

      It's a pretty typical side-channel attack. It's detecting the RFI emitted during computation, and using that to determine the key. So, yes, it's detecting the waves emitted by the little electrons zipping around inside the smartphone.

      • by Gordonjcp (186804)

        I'll believe it when I see it. Even then, I'll only believe it when I see it working outside a perfectly shielded Faraday cage, more than once.

        • You could set up an experiment on your own using about $20 worth of components (having access to an oscilloscope is helpful but not strictly necessary). When I was in high school, I tried to build a radio using some spare parts from my electronics class; I was not able to pick up anything intelligible, but I did pick up lots of emissions from the computer sitting on my desk. If I ran a program with a tight loop, I could actually hear the difference coming out of the speak.

          This, of course, is not quite
          • by Gordonjcp (186804)

            Oh, I'm painfully aware that computer equipment throws off all sorts of hash, well up into the hundreds of MHz range. I can hear my ADSL modem a good quarter of a mile away on 145.6875MHz - in the house its emissions are strong enough to blot out the local repeater.

            I don't believe it's possible to recover the encryption key by listening to these pulses. There's so much else going on, and it's not like each little wave is labelled "this is part of the encryption key".

            • I don't believe it's possible to recover the encryption key by listening to these pulses. There's so much else going on, and it's not like each little wave is labelled "this is part of the encryption key".

              No, but you can set things up so that if a particular key bit is a "1," the system will work harder than if it is a "0" by selecting particular plaintext or ciphertext to be encrypted or decrypted. It may be a small difference buried in noise, but if you repeat the experiment enough times it will become detectable. Worse still, it may be the case that you do not have to choose the plaintext/ciphertext at all, but simply know what is being encrypted/decrypted: maybe you can intercept the ciphertext, or

    • TFA also says Paul Kocher is one of the world's foremost crypto experts who will explain it to you at an upcoming RSA conference in SF next month.
    • by Anonymous Coward

      Dude, they're using RADIO WAVES! That shit's like magic. It's a freakin' INVISIBLE LIGHT ELEMENTAL. No one understands how that stuff works. There is no defense from it.

      Scariest thing I've ever read. Totally ruined my "Data Privacy Day" party.

    • This is a well known side channel attack; it is usually pretty hard to pull off for all the reasons you said, but apparently these researchers have overcome those obstacles. Usually these sorts of attacks are chosen plaintext or chosen ciphertext attacks, and you will look for particular changes in the EMI that comes out of the phone which can be correlated with the secret key. You will probably need to choose many plaintexts/ciphertexts for this attack to work, but a typical TLS session will probably be
      • by AmiMoJo (196126)

        On Android you could write an app that runs in the background and randomly interrupts the foreground app or does useless bits of crypto while it is active to foil these attacks.

    • by sjames (1099) on Saturday January 28, 2012 @03:04PM (#38851253) Homepage

      No, actually it IS radio waves from the little electrons zipping around in the phone being detected. Of course, little electrons zipping around are always involved in radio waves.

      You'd be amazed what signal processing can do, especially if you can also see in a video when the function your looking for was triggered.

      This is another example of Van Eck phreaking [wikipedia.org]. It's so easy in some cases, it can be accidental. Back in the early '80s, I noticed the interference on channel 5 of the TV had a repeating pattern to it. As I studied it carefully, I realized it was the screensaver from my PC in the next room.

    • Mod parent down (Score:5, Interesting)

      by Prune (557140) on Saturday January 28, 2012 @04:44PM (#38851703)
      If you've ever designed a circuit board where you had to worry about isolation of interference between sections and using groundplanes and filtering correctly, you'd know the trivial answer as to what is going on here and why your post is totally wrong: interference from the processor will cause some small modulation in the phone's radio circuits. Despite any shielding, there are multiple channels through which such interference is coupled inside a cellphone.
  • Looks like they need some TEMPEST [wikipedia.org] shielding.
    • by Anonymous Coward

      That's the hard way of dealing with this problem. The real reason CRI is showing this is to sell their patented solution that statistically decorrelates the side channel info being transmitted, thereby rendering such emissions meaningless. They did something similar with differential power analysis on ISO7816 smart cards, especially the clockless asynchronous logic used by N X P smart cards.

  • by Anonymous Coward

    My phone has a dual core 1.2ghz cpu. Your telling me that its possible to decode the signals flowing through the phones circuits remotely ? whats the energy level of the RF radiating from the phone, NOT including the WIFI / bluetooth / LTE cdma / spurious LCD emissions ? assuming you did shut these off, you would need to stick the thing in a RF shielded room with a yagi up the phones behind to get enough signal strength to decode electrical impulses operating at 1.2GHZ!

"Anyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin." -- John Von Neumann

Working...