A research paper revealed at a major cybersecurity conference held at Tel Aviv University in Israel this past week discusses the easiness of creating an electronic device made from cheap parts to hack into a given laptop.
Authors of the paper “Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation” Daniel Genkin, Itamar Pipman, Lev Pachmanov, and Eran Tromer demonstrated how an attack they’ve called PITA- Portable Instrument for Trace Acquisition- is a relatively easy feat, according to ShalomLife.com.
Their report details how “the research team ‘successfully extracted keys from laptops of various models running GnuPG (popular open source encryption software, implementing the OpenPGP encryption standard), within a few seconds,” the article said.
“Using a device that can receive radio signals (an actual radio, or a USB stick designed to receive and playback audio messages), the researchers were able to observe fluctuations in the electromagnetic field surrounding the laptop, and translate those fluctuations into keystrokes using analysis software.”
The parts used to build such an electronic device are, according to the paper, easily available at any given local electronics store, and the device itself is small enough to be easily hidden from view.
“The only drawback from this new type of cyber attack is its range: the target of the attack would need to be within 50 centimeters (20 inches) of the attacker. On the flip side the attack only takes seconds, meaning that local coffee shops or pita stores offer the perfect venues for the attack, thanks to the convenience of power outlets and free Wi-Fi. A hacker could attack their target in a ‘walk-by’ attack, camouflaging their “poisoned pita” on a tray with real food,” the article said.
But the worst part, the researchers said, is that there is little the laptop user can do to prevent such a cyber attack from happening.
“‘Preventing such low-level leakage prevention is often impractical’ the researchers explained, due to the excessive hardware required to implement true prevention strategies (like Faraday cages), or the extreme performance decrease that would be experienced using a software solution.”
Read the full story.
