No One Is Safe: $300 Gadget Steals Encryption Keys out of the Air, and It's Nearly Unstoppable --NOT WiFi!

Requires close proximity to the target computer, but very hard to stop. Might be used to compromise users in public places.

Wow, this is some seriously dangerous equipment.

1 Like

Fm the article

I read this as you must be specifically targeted by someone within 19 inches from you who can get you to decrypt some special files… Am I reading this wrong?

While the tech is pretty nasty, the fact that (it sounds like) it needs to be triggered by “carefully crafted” files severely limits is usefulness to non-very-high-profile people.

Hmm, well 19" isn’t very far, easy to mount under a table in a public inet cafe. I don’t know what encryption systems might be vulnerable. A bit vague there.

You are correct. That is the claim they make.

I take this with a big grain of salt. To reliably decode data from “EM emitted from the processor executing code in a certain way” is very unreliable even if only because modern laptops multitask and the decoding process may not be contiguous enough.

The article did not read right and the science has not been explained at all. Saying I can pick up EM from your computer and decode data when your computer is given certain input, is NOT science but typical SF script that has been written for decades.

If they supply some real science then I may take it more seriously.

1 Like

December 2013, acoustic extraction of e.g. gnupg secrets from the chirping and oscillation of your electronic components.
[RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis][1]
[1]: http://www.tau.ac.il/~tromer/acoustic/

There was a patch for gnupg back then. These kind of side channel attacks are not that new. It is of utmost importance to have a dependable and trustworth open hw platform and to not use your secrets and life endangering information on untrusted and foreign machinery at all.

Protecting private keys is difficult. Didn’t I say this point in another thread?

Ubiquitous encryption isn’t necessarily going to be good enough.

Most individuals are not trained and will not be able to protect their private keys. And you don’t have to be specifically targeted for this technology to scale up and blanket entire neighborhoods.

As I read it, it isn’t a private key issue as in Bitcoin private keys. It’s a “we sent you a message with very specific text that you decrypted with you pgp key and we were able to figure it out”. Again, only my understanding from the article, it wouldn’t effect Bitcoin keys.

It effects Bitcoin private keys as well. This kind of attack works because all electronics leak. It wouldn’t matter what software you were running because your hardware leaks.

1 Like

It’s time to start wrapping our computers up in tinfoil… :wink: