A team of researchers from Fox-IT and Riscure has put together a device using off-the-shelf electronic parts that deduces encryption keys using only the electromagnetic emissions coming from a nearby computer.
The device exploits a well-known side-channel attack known as “Van Eck phreaking” and was specifically built to recover the encryption key from AES256 algorithms.
Attack carried out with €200/$230 test rig
Attacks like these usually employ expensive equipment, but researchers say they were able to pull something like this off using a rig that cost around €200, or $230.
The encryption-key-sniffing rig consists of a magnetic loop antenna, an external amplifier, bandpass filters, and a software-defined radio receiver USB stick.
The research team says the rig is small enough to fit in a jacket pocket, a laptop case, or any other inconspicuous bag. Researchers say that an attacker can carry this device near a computer or device known to handle encryption operations and let it sniff out electromagnetic waves.
If the sniffing device is placed around one meter away from the target, the device needs up to five minutes to sniff out an encryption key. If the distance is shortened to 30 centimeters, the device only needs 50 seconds.
In principle, the closer the attacker can get to the target, the stronger the electromagnetic emissions picked up from it, and the less time the device needs to recover the encryption key.
Device guesses encryption key
Internally, the device works by recording the electromagnetic emissions coming from a nearby computer, which mirror the fluctuations in its power consumption.
“This is useful because part of the power consumption depends on the data the device is handling,” researchers say. “It is this data dependence we exploit to extract the key.”
Experts say they can identify the stretches of a recording where encryption is taking place by the spike in power consumption caused by the mathematical operations of the AES256 algorithm. Once they…
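To make the data dependence the researchers describe concrete, here is an added, self-contained simulation that is not code from Fox-IT, Riscure or the article. It constructs synthetic "traces" (the Hamming weight of the first-round AES S-box output plus Gaussian noise, a standard textbook leakage model, not a real electromagnetic capture) and runs a correlation analysis over all 256 hypotheses for one key byte: the correct byte is the only one whose predicted leakage correlates with the samples. The same run is repeated with a first-order Boolean mask applied to the intermediate value, the usual countermeasure, to show that the correlation the attack depends on disappears. The key byte, trace count, noise level and the name `demo` are assumptions chosen for the example.

```python
"""Simulated correlation power analysis (CPA) on first-round AES SubBytes.

Constructed example: the 'traces' are synthetic Hamming-weight leakage plus
Gaussian noise, not real electromagnetic captures. It shows why data-dependent
power consumption leaks the key, and why Boolean masking removes the
first-order dependence that the analysis relies on.
"""
import math
import random


def _generate_sbox():
    """Build the AES S-box from its definition (GF(2^8) inverse + affine map)."""
    def rotl8(x, n):
        return ((x << n) | (x >> (8 - n))) & 0xFF

    sbox = [0] * 256
    p = q = 1
    while True:
        # p <- p * 3 and q <- q / 3 in GF(2^8); loop invariant: p * q == 1
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF
        q = (q ^ (q << 1)) & 0xFF
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        affine = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4)
        sbox[p] = affine ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no inverse, only the affine constant applies
    return sbox


SBOX = _generate_sbox()


def hamming_weight(x):
    return bin(x).count("1")


def simulate_traces(key_byte, n_traces, noise_sigma, masked=False, seed=1):
    """Constructed leakage: one sample per encryption, taken when the first-round
    S-box output is written. Leakage model (assumption): Hamming weight of the
    value on the bus plus Gaussian noise. With masked=True the bus carries
    S(p ^ k) ^ m for a fresh random mask m, as a first-order masked AES would."""
    rng = random.Random(seed)
    plaintexts, samples = [], []
    for _ in range(n_traces):
        p = rng.randrange(256)
        v = SBOX[p ^ key_byte]
        if masked:
            v ^= rng.randrange(256)
        plaintexts.append(p)
        samples.append(hamming_weight(v) + rng.gauss(0.0, noise_sigma))
    return plaintexts, samples


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / math.sqrt(vx * vy)


def cpa_key_byte(plaintexts, samples):
    """Rank all 256 hypotheses for one key byte by how well the predicted
    Hamming weight of SBOX[p ^ guess] correlates with the measured samples.
    Returns (best_guess, best_corr, runner_up_corr)."""
    scores = []
    for guess in range(256):
        predicted = [hamming_weight(SBOX[p ^ guess]) for p in plaintexts]
        scores.append((abs(pearson(predicted, samples)), guess))
    scores.sort(reverse=True)
    (best_corr, best_guess), (runner_up, _) = scores[0], scores[1]
    return best_guess, best_corr, runner_up


def demo(key_byte=0x2B, n_traces=1500, noise_sigma=1.0):
    """Unmasked: the correct byte stands out clearly. Masked: nothing does."""
    pts, samples = simulate_traces(key_byte, n_traces, noise_sigma)
    unmasked = cpa_key_byte(pts, samples)
    pts, samples = simulate_traces(key_byte, n_traces, noise_sigma, masked=True)
    masked = cpa_key_byte(pts, samples)
    return {"true_key": key_byte, "unmasked": unmasked, "masked": masked}


if __name__ == "__main__":
    r = demo()
    print("true key byte: 0x%02x" % r["true_key"])
    print("unmasked: guess=0x%02x corr=%.3f runner-up=%.3f" % r["unmasked"])
    print("masked:   guess=0x%02x corr=%.3f runner-up=%.3f" % r["masked"])
```

The gap between the best and runner-up correlation in the unmasked run is the signal the researchers' rig has to pull out of the recording; more traces (or a shorter distance, hence less noise) widens it. In the masked run the best "guess" is just noise, which is the property an implementer should verify when assessing an AES implementation that may be exposed to this kind of measurement.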