A security researcher has demonstrated a method of attack that allows malicious actors to steal laptop encryption keys using a gadget small enough to fit inside some pita bread.
Developed by Daniel Genkin and his colleagues at Tel Aviv University, the attack makes use of radio signals given off by laptops when their CPUs are busy crunching data.
As reported by BBC News, the team of security researchers discovered that different operations of a computer, such as playing a game or decrypting a file, displays a characteristic pattern of radio activity when analyzed using a spectrogram.
It was this latter activity that interested the team. Using components of a small gadget hidden inside some pita bread, the team was able to capture the radio activity of a laptop’s CPU as it worked to encrypt data. This reading was then transferred to another laptop with a spectrogram and stored on a microSD card, where it could be accessed via Wi-Fi or manually retrieved at a later time.
Based on the fluctuations of the spectrogram alone, the team was able to decipher the laptop’s encryption key.
“The attack sends a few carefully-crafted ciphertexts, and when these are decrypted by the target computer, they trigger the occurrence of specially-structured values inside the decryption software,” explained Genkin and his colleagues in a paper detailing their work. “These special values cause observable fluctuations in the electromagnetic field surrounding the laptop, in a way that depends on the pattern of key bits (specifically, the key-bits window in the exponentiation routine). The secret key can be deduced from these fluctuations, through signal processing and cryptanalysis.”
Genkin and his colleagues designed their gadget to fit inside a pita bread to illustrate that attackers could use this method against targets in public places, such as restaurants and cafeterias, without drawing attention to themselves. The only restriction is that they would need to be no farther than 50cm from their target laptop.
The security researchers were able to crack the encryption key in a matter of seconds, they go on to report in their paper.
To read more about how attackers can use radio waves to steal users’ data, including on airgapped computers, please click here.