Israeli Security Lab Using Electromagnetic Waves to Extract Private Keys
Perhaps the most important role in security research is breaking security, and that’s what the researchers at Tel Aviv University’s Laboratory for Experimental Information Security are up to with their recent forays into electromagnetic attacks.
The new research resembles a more advanced and applicable version of earlier research done in Israel, discussed previously here at Hacked. Rather than simply being able to intercept keys being pressed and data being entered into the system, as researchers were able to do even with air-gapped computers months back, this new exploit will allow the researchers to actually figure out the private key of a decrypted file. Applied on a commercial scale, these techniques could nullify many forms of public/private key encryption in normal environments. But how does it work?
Also read: An Airgap Won’t Secure Your Computer Anymore
Using one of a few methods of interception, the devices the researchers have put together can pick up the electromagnetic signals being put off by the target computer and then decipher meaning from them. In the case of a file being decrypted, the researchers were able to detect changes that could only be attributed to the decrypting of the file, and then to extract the private key from there.
In one instance, they were able to disguise the monitoring device in a piece of bread. They call this one the PITA – Portable Instrument for Trace Acquisition. In another, the device relays the signals to a larger terminal, which then can make sense of the signals being dumped onto it.
Most forms of encryption rely on secrets being kept. An encrypted file is not encrypted if an unintended person knows how to access it; it’s just difficult to get to. Now that private keys, as well as regular keystrokes and virtually anything else a user does on a computer, can be intercepted, many people might begin to start considering what the future of computing looks like for them. If you can’t count on encryption to protect your privacy, and you can’t count on being offline to protect your data, is there any way to use computers without being compromised?
Images from Shutterstock.