A hacker can "hear" the key of an offline computer.
Researchers at Tel Aviv University in Israel and the Israeli Institute of Technology have designed a method to steal data from a computer. The "unlucky" target computer is not even connected to the Internet, and the attacker sits in the next room.
Attack principle:
"By measuring the electromagnetic waves emitted by the target, the attacker can extract the decryption key from a computer in the adjacent room within a few seconds."
They will present a demonstration at the RSA Security Conference on March 3 this year.
"The attack is completely non-intrusive"
According to the paper, the entire attack setup used for the experiment costs about $3000, as shown in the photo below:
Equipment used by the researchers to capture electromagnetic radiation (from left to right): power supply, antenna mount, amplifier, software-defined radio (white box) and an analysis computer.
This is a so-called side-channel attack: instead of attacking the encryption itself (by brute-forcing the key or exploiting a weakness in the underlying algorithm), it takes another route. In this test, the attack captures the electromagnetic waves the target computer emits while it uses the key during decryption and recovers the key from them.
Researcher Tromer said:
"Experience tells us that once a physical phenomenon is verified in the lab, the attack device will soon be miniaturized and simplified."
Although methods of stealing keys through such "eavesdropping" techniques have appeared before, this is the first time an elliptic curve cryptography (ECC) system running on a computer has been broken this way. ECC is a strong encryption method used in everything from web pages to messaging, and has advantages such as high strength, short key length and fast computation.
The key obtained by the researchers comes from a laptop running GnuPG, as shown in the figure. The victim machine, a Lenovo 3000 N200 notebook in the next room, was performing ECDH decryption.
Tromer said that the GnuPG developers have released a countermeasure in response to this attack method. Because the sequence of high-level arithmetic operations no longer depends on the key, GnuPG is now more resistant to this type of side-channel attack.
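To make the countermeasure concrete, here is an added example (not code from the paper or from GnuPG) on a constructed toy curve: a naive double-and-add scalar multiplication whose sequence of "double" and "add" operations spells out the key bits, beside a Montgomery ladder that performs the same sequence of operations for every key. The curve parameters and the trace recording are assumptions for illustration only.

```python
# Added example (not from the paper or GnuPG): why a key-dependent operation
# sequence leaks, and how a Montgomery ladder makes the sequence key-independent.
P_MOD = 2**61 - 1       # Mersenne prime; curve and base point are constructed, not standardised
A, B = 2, 3             # y^2 = x^3 + 2x + 3 ; (3, 6) lies on it since 36 = 27 + 6 + 3
G = (3, 6)
INF = None              # point at infinity

def _inv(x):
    return pow(x % P_MOD, P_MOD - 2, P_MOD)

def _combine(P, Q):
    """Affine group law; handles infinity, inverse points and doubling."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:      # Q == -P (also a 2-torsion point doubled)
            return INF
        lam = (3 * x1 * x1 + A) * _inv(2 * y1) % P_MOD   # P == Q: tangent slope
    else:
        lam = (y2 - y1) * _inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_add(P, Q, trace):
    trace.append("A")   # each call is one "add" event an EM probe could distinguish
    return _combine(P, Q)

def ec_double(P, trace):
    trace.append("D")   # each call is one "double" event
    return _combine(P, P)

def on_curve(P):
    return P is INF or (P[1] ** 2 - P[0] ** 3 - A * P[0] - B) % P_MOD == 0

def naive_mul(k, P):
    """Double-and-add: an 'A' appears only for 1-bits, so the trace spells out k."""
    trace, R = [], P
    for bit in bin(k)[3:]:              # bits after the leading 1
        R = ec_double(R, trace)
        if bit == "1":
            R = ec_add(R, P, trace)
    return R, "".join(trace)

def ladder_mul(k, P):
    """Montgomery ladder: exactly one add and one double per bit, whatever the bit.
    A production version also swaps R0/R1 branchlessly and uses a fixed-width
    scalar so that even the trace length does not depend on the key."""
    trace, R0 = [], P
    R1 = ec_double(P, trace)
    for bit in bin(k)[3:]:
        if bit == "1":
            R0, R1 = ec_add(R0, R1, trace), ec_double(R1, trace)
        else:
            R1, R0 = ec_add(R0, R1, trace), ec_double(R0, trace)
    return R0, "".join(trace)
```

Comparing the traces for two keys of the same bit length shows the point: the naive traces differ (and reveal each key bit), while the ladder traces are identical.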
FreeBuf encyclopedia
GnuPG is a software program that uses hybrid encryption: a conventional symmetric key for speed, and public-key cryptography for easy key exchange. A one-time session key is encrypted with the recipient's public key.
ECDH is a DH (Diffie-Hellman) key exchange algorithm based on ECC (elliptic curve cryptography). Both parties can negotiate a shared key without sharing any secret in advance.
Attack Scenario Reproduction
First, the researchers send a specially crafted ciphertext message, in the form of an encrypted email, to the target computer.
The researchers measured the electromagnetic waves emitted while the laptop decrypted the ciphertext and said they "focused on a narrow band". After processing, these signals yield a trace of information related to the ECC computation, and this trace is what unlocks the key.
Using the equipment shown above, the researchers captured a total of 66 decryption operations through a 15 cm thick wall and finally recovered the key. The 66 decryptions took only 3.3 seconds, roughly the time it takes to say "I got the key from the computer next door."
For real-world attacks, the time an attacker spends is not necessarily the most important factor; what matters more is the target's decryption process, because it directly determines whether the attack succeeds.
Nowadays, eavesdropping on data through such non-traditional attacks is no longer surprising. Attackers have listened in on the signals sent by a car's remote key fob and then stolen the car. Last year, a member of the same research group showed a small device that can steal encryption keys via radio waves from 19 inches away.
Although this cutting-edge attack method is currently limited to academic research, it is hard to overstate the harm it could do if deployed in a wider range of scenarios.
What happened to physical attacks?
In the near future, hackers may lower the threshold for implementing this attack technology. Tromer also expressed concern:
"This is likely to become a new attack method, and attackers will implement it more cheaply and easily. In the data age, our personal information, financial assets and private communications are mostly protected by encryption algorithms. Once attackers have ample time and experience with complex attacks, they will have an impact on an entire generation."
Tromer adds that their work was originally intended to protect systems against software attacks, but as shown here, cheap physical attacks can also have terrible effects.
On the question of "capturing electromagnetic waves by physical means to obtain relevant information", Zhao Chengliang, associate professor of physical science and technology at Suzhou University, told FreeBuf:
"Either method is a good way to solve the problem. People with different knowledge backgrounds use different methods. The physical method is nothing more than extracting information, and the important thing is how to filter out background noise. For example, when obtaining information from the electromagnetic waves emitted by a display, the background noise in everyday life is very high. How to filter out that background noise is the key technology."