A new device demonstrates just how easily hackers can steal encryption keys from nearby computers, especially in public places. A team of researchers from Israeli research centers Tel Aviv University and Technion built the gadget with off-the-shelf electronics and standard AA batteries to show just how easy it is for hackers to steal passwords in side-channel attacks. The device has to be located about a foot and a half from the victim computer in order to work. However, it fits into the palm of a hand, so attackers could hide it under a desk or tuck it into an inconspicuous object, such as a sandwich or a piece of pita bread. It is therefore appropriately called PITA (Portable Instrument for Trace Acquisition).
The researchers monitored radio signals given off by laptops and discovered that certain operations, such as playing games or decrypting files, had signature patterns of electromagnetic radiation. Using this knowledge, they built PITA, which can spy on computers by analyzing the radiation emitted by a computer’s processor.
To use the device, hackers would send an encrypted email to a targeted computer and then place the device nearby. The PITA’s antenna would pick up the distinct radio waves emitted by the computer’s processor while it decrypted the email. Hackers could use this method to snag passwords in just a few seconds, according to the researchers. The stolen data could either be stored on the PITA’s microSD card to be analyzed later or it could be transmitted over Wi-Fi to the hacker’s computer.
The researchers say that similar devices can be built with just $300 worth of ordinary parts, such as a consumer-grade radio receiver or a Software Defined Radio USB dongle. Although the PITA that the researchers built only works within about 20 inches of a targeted computer, the range could be extended by using better antennas, amplifiers, and digitizers. The details are published online and the researchers plan to present their work at the workshop on Cryptographic Hardware and Embedded Systems in France in September.