Jump to content

Eavesdropping Antennas Can Steal Your Smart Phone's Secrets


Guest LilBambi

Recommended Posts

Guest LilBambi

Eavesdropping Antennas Can Steal Your Smart Phone's Secrets:

 

 

The processors in smart phones and tablets leak radio signals that betray the encryption keys used to protect sensitive data.

 

At the RSA computer security conference last week, Gary Kenworthy of Cryptography Research held up an iPod Touch on stage and looked over to a TV antenna three meters away. The signal picked up by the antenna, routed through an amplifier and computer software, revealed the secret key being used by an app running on the device to encrypt data. An attacker with access to this key could use it to perfectly impersonate the device he stole it from—to access e-mail on a company server, for example.

 

The antenna was detecting radio signals "leaking" from the transistors on the chip inside the phone performing the encryption calculations. Transistors leak those signals when they are active, so the pattern of signals from a chip provides an eavesdropper a representation of the work the chip is doing. ...

 

 

More in the article.

 

Looks like even the current hardware can be mitigated with software, but at a performance hit. Of course it would be worth the performance it not to have your apps for looking at your bank, credit cards, stocks, purchases, etc. openly available for picking through to get keys to do you financial or privacy damage, eh?

 

New mobile devices can be dealt with at the hardware level and save on the performance hit.

Edited by LilBambi
fixed formatting
Link to comment
Share on other sites

From how this is described, it could apply to regular PCs too, right? They use the same components.....

 

Probably the easiest way to prevent signal leakage would be to shield the CPU of these devices.

 

That, I think would be a relatively simple engineering change.

 

Adam

Link to comment
Share on other sites

From how this is described, it could apply to regular PCs too, right? They use the same components.....

 

Probably the easiest way to prevent signal leakage would be to shield the CPU of these devices.

 

That, I think would be a relatively simple engineering change.

 

Adam

While I'm not an electronics engineer, and I didn't stay at a Holiday Inn Express last night, I would think that the steel or aluminum case of a desktop PC would, at least, shield or block these transmissions from the CPU's transistors.

Link to comment
Share on other sites

Guest LilBambi

Leaky Radio Signals Pose Smartphone Security Risk:

How did the antenna pick up signals from the device? Well, smartphones and other devices contain radio transmitters to communicate with cell towers and Wi-fi base stations, but in this case, the signal was apparently leaking form the CPU itself.

 

This is because as the CPU performs an operation, it radiates at a particular frequency. These frequencies change depending on the operation of CPU, but it is fairly easy to build a system that can detect this RF radiation.

 

Cryptography Research for example reportedly built its detector using nothing more than a simple AM radio and some other electronics. This allowed it to analyse the peaks and troughs of the signal which correspond to the string of digital 1s and 0s that make up the encryption key.

 

“[This] antenna is not supposed to work at this frequency, and it’s been in someone’s attic for years and is a bit bent,” Kenworthy, a principal engineer at Cryptography Research told Technology Review. “You could build an antenna into the side of a van to increase your gain – well, now you’ve gone from 10 feet to 300 feet.”

 

I would imagine that the shielding on desktop computers and hopefully laptop computer's CPUs would shield from such leakage and consequently detecting and reading of the data.

 

But is there something else going on here? Or are we truly just talking about these mobile companies NOT shielding the RF from the CPUs? I wonder if compact plastic computers like Mac Mini, Raspberry Pi, Tablets, compact or mini PCs? Do they all have whatever hardware shielding would prevent this leakage?

 

I think more needs to be known about this? Especially with drones coming to America and likely not just from local, state and federal governments but corporations likely too, I bet? Hopefully this would be more a concern for the those with concerns for state secrets, etc. and not average citizens, but who knows...

Link to comment
Share on other sites

Leaky Radio Signals Pose Smartphone Security Risk:

 

 

I would imagine that the shielding on desktop computers and hopefully laptop computer's CPUs would shield from such leakage and consequently detecting and reading of the data.

 

But is there something else going on here? Or are we truly just talking about these mobile companies NOT shielding the RF from the CPUs? I wonder if compact plastic computers like Mac Mini, Raspberry Pi, Tablets, compact or mini PCs? Do they all have whatever hardware shielding would prevent this leakage?

 

I think more needs to be known about this? Especially with drones coming to America and likely not just from local, state and federal governments but corporations likely too, I bet? Hopefully this would be more a concern for the those with concerns for state secrets, etc. and not average citizens, but who knows...

 

Yes, many computer cases feature shielding, though it is not specifically for preventing outsiders from "listening in." It probably has more to do with keeping outside interference out.

 

I don't think there is anything else going on here. I think this type of "listening" is very similar to using a microphone to record the sound of someone typing on a keyboard. In other words, this is very specific.

 

To put it simply, is someone going to be able to drive by your house with an antenna and be able to distinguish what you are doing on the computer? Probably not. Did you see the antenna in the article picture? It was a very focused yagi array, meaning that this is not something you could pick up with a car antenna for example.

 

There are so many digital devices out there- even in our TVs!- that it would be very difficult (in my semi-educated opinion) to pick out a single processor and be able to discern what it was doing. I also bet that you would have to know what frequency (clock speed) the processor was running at in order to be able to really lock on.

 

I guess an elaborate scheme could be construed..... someone hacks your computer knowing its physical location, figures out your cpu, and gets a nice high gain antenna, points it at the computer's specific location, and tries to figure out what you are doing. Is this practical for the average hacker or script kiddie? Not really. It would have to be a highly targeted attack.

 

Adam

Link to comment
Share on other sites

  • 2 weeks later...
any mobile phone in the usa already has gps enabled, besides its constant pining to give its location to the cell network.

 

These two functions are vital to the proper operation of the cell network.

 

The GPS you refer to is not a true GPS fix unless the phone has an actual GPS receiver installed. Without the receiver, it uses triangulation of the cellular signals to provide approximate location.

 

This location information is what allows a 911 operator to know your location and be able to get emergency services to you as quickly as possible.

 

Pining the cellular towers constantly also allows the phone to know which tower to talk to, as well as the network would also know your location in order to properly route calls to you.

 

Adam

Link to comment
Share on other sites

  • 2 weeks later...
These two functions are vital to the proper operation of the cell network.

 

The GPS you refer to is not a true GPS fix unless the phone has an actual GPS receiver installed. Without the receiver, it uses triangulation of the cellular signals to provide approximate location.

 

This location information is what allows a 911 operator to know your location and be able to get emergency services to you as quickly as possible.

 

Pining the cellular towers constantly also allows the phone to know which tower to talk to, as well as the network would also know your location in order to properly route calls to you.

 

Adam

And also provides data to let the engineers know if any tower/cell area is having problems above normal. Nowadays the engineer is probably not even told till it hits a critical level and the network management software routes around the problem.

The side effect benefits of being able to help locate lost people and criminals outweigh my BB concerns as long as warrants are still required.

 

Link to comment
Share on other sites

And also provides data to let the engineers know if any tower/cell area is having problems above normal. Nowadays the engineer is probably not even told till it hits a critical level and the network management software routes around the problem.

 

The other way they will know is through user complaints. AT&T has made this process simple with the "Marks the Spot" app for their devices. I am not sure if it is available for Android or not, but the iOS version lets you describe a problem and submit it as a problem. I am not sure how effective it is, but the same could be said for calling a CS rep.

 

Adam

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...