Scientists Hack Cryptography Keys By Simply Touching a Laptop

Illustration for article titled Scientists Hack Cryptography Keys By Simply Touching a Laptop

It sounds like something out of an episode of Spooks: Researchers have discovered a way to use simple touch to decode the cryptography keys that are intended to secure your information. It's as easy as gauging the electric potential coursing through your computer while it's working.

In the MIT Technology Review today, we learn of a paper out of Tel Aviv University (title: Get Your Hands Off My Laptop) that details the process of measuring the ground electric potential in laptops. There are several ways to do this: You could, say, use a wire. But that's not nearly as exciting as using your own hand—preferably sweaty!—and then "analyzing that signal using sophisticated software."

Here's how the authors explain the process:

This potential can be measured by a simple wire, non-invasively touching a conductive part of the laptop (such as the metal heatsink fins or shielding of USB, Ethernet, VGA, DisplayPort and HDMI ports), and connected to a suitable amplifier and digitizer. The chassis potential, thus measured, is affected by ongoing computation, and our attacks exploit this to extract RSA and ElGamal keys, within a few seconds.

Advertisement

According to the researchers, the hand method works "is especially effective in hot weather, since sweaty fingers offer lower electric resistance."

Essentially, they're taking advantage of the "noise" your computer makes while it's processing this information, to figure out exactly when and how they should listen in. Which brings us to an important point: How to resist it. According to MIT, it's "possible to avoid such attacks by adding random data to computations." In other words, we'll need to build codes on top of code. [MIT Technology Review]

Image: Lasse Kristensen.

Share This Story

Get our newsletter

DISCUSSION

charlesengasser
Charles Engasser

Gather around the campfire boys and girls, Grandpa has a story to tell you:

In my day, this was called TEMPEST, where folks could and did do things like be able to tell what a monitor was displaying through a concrete block wall using nothing but an antenna. They could read your hard drive, see what you typed on a keyboard, tell what your modem was sending. And this didn't have to be done from right on the other side of the wall either...they could do it from the other side of the street, or from a van....down by the river.

Pretty extravagant methods were used to prevent this, Faraday cages built around PCs, where (as an example) a 8086-class PC would be built inside a steel chassis that weighed about 100lbs empty, the motherboard internally compartmented from the PSU and external connecters by another internal bulkhead, and the lid for the whole affair was fixed on with 50+ sheet metal screws (before the cordless screwdriver also mind you...up hill....both ways....).

Some systems (CP-M word processors) were housed in their entirety in a rolling chassis and had to be used in specific locations that had been tested prior.

Today (important) rooms are still built out with metal walls for this reason.