Jump to content


Eavesdropping Antennas Can Steal Your Smart Phone's Secrets


  • Please log in to reply
16 replies to this topic

#1 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 20,834 posts

Posted 08 March 2012 - 10:38 AM

Eavesdropping Antennas Can Steal Your Smart Phone's Secrets:


Quote

The processors in smart phones and tablets leak radio signals that betray the encryption keys used to protect sensitive data.

At the RSA computer security conference last week, Gary Kenworthy of Cryptography Research held up an iPod Touch on stage and looked over to a TV antenna three meters away. The signal picked up by the antenna, routed through an amplifier and computer software, revealed the secret key being used by an app running on the device to encrypt data. An attacker with access to this key could use it to perfectly impersonate the device he stole it from—to access e-mail on a company server, for example.

The antenna was detecting radio signals "leaking" from the transistors on the chip inside the phone performing the encryption calculations. Transistors leak those signals when they are active, so the pattern of signals from a chip provides an eavesdropper a representation of the work the chip is doing. ...


More in the article.

Looks like even the current hardware can be mitigated with software, but at a performance hit. Of course it would  be worth the performance it not to have your apps for looking at your bank, credit cards, stocks, purchases, etc. openly available for picking through to get keys to do you financial or privacy damage, eh?

New mobile devices can be dealt with at the hardware level and save on the performance hit.

Edited by LilBambi, 26 April 2012 - 12:41 PM.
fixed formatting

Bambi
AKA Fran

Posted Image
My Public Key for Email :: BambisMusings Blog :: Fran's Computer Services Blog :: MyPassionIsBooks Blog :: 5BuckReview :: CNIRadio
"The Net interprets censorship as damage and routes around it." ~John Gilmore (Time Magazine, Dec 6, 1993)

#2 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 18,231 posts

Posted 08 March 2012 - 11:36 AM

Ain't got no smarty-pants phone. Ain't worried 'bout this silliness. wink.gif

Posted Image


#3 ONLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 15,155 posts

Posted 08 March 2012 - 11:51 AM

Thanks for the head's up thumbsup.gif

Posted ImagePosted Image Posted Image
CNI Radio/Archlinux G+/Configs/PGP Key π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#4 OFFLINE   ross549

ross549

    I live here.

  • Forum Admins
  • 9,149 posts

Posted 08 March 2012 - 08:01 PM

From how this is described, it could apply to regular PCs too, right? They use the same components.....

Probably the easiest way to prevent signal leakage would be to shield the CPU of these devices.

That, I think would be a relatively simple engineering change.

Adam
I don't suffer from insanity, I enjoy it.
Posted Image Posted Image Posted Image Posted Image

#5 OFFLINE   mac

mac

    Thread Head

  • Members
  • PipPipPipPipPipPip
  • 531 posts

Posted 09 March 2012 - 10:05 AM

QUOTE (ross549 @ Mar 8 2012, 06:01 PM) <{POST_SNAPBACK}>
From how this is described, it could apply to regular PCs too, right? They use the same components.....

Probably the easiest way to prevent signal leakage would be to shield the CPU of these devices.

That, I think would be a relatively simple engineering change.

Adam

While I'm not an electronics engineer, and I didn't stay at a Holiday Inn Express last night, I would think that the steel or aluminum case of a desktop PC would, at least, shield or block these transmissions from the CPU's transistors.
Mac
"Long ago, when men cursed and beat the ground with sticks,
it was called witchcraft. Today it's called golf." -- Will Rogers (1879-1935)

#6 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 20,834 posts

Posted 09 March 2012 - 10:44 AM

Leaky Radio Signals Pose Smartphone Security Risk:
QUOTE
How did the antenna pick up signals from the device? Well, smartphones and other devices contain radio transmitters to communicate with cell towers and Wi-fi base stations, but in this case, the signal was apparently leaking form the CPU itself.

This is because as the CPU performs an operation, it radiates at a particular frequency. These frequencies change depending on the operation of CPU, but it is fairly easy to build a system that can detect this RF radiation.

Cryptography Research for example reportedly built its detector using nothing more than a simple AM radio and some other electronics. This allowed it to analyse the peaks and troughs of the signal which correspond to the string of digital 1s and 0s that make up the encryption key.

“[This] antenna is not supposed to work at this frequency, and it’s been in someone’s attic for years and is a bit bent,” Kenworthy, a principal engineer at Cryptography Research told Technology Review. “You could build an antenna into the side of a van to increase your gain – well, now you’ve gone from 10 feet to 300 feet.”


I would imagine that the shielding on desktop computers and hopefully laptop computer's CPUs would shield from such leakage and consequently detecting and reading of the data.

But is there something else going on here? Or are we truly just talking about these mobile companies NOT shielding the RF from the CPUs? I wonder if compact plastic computers like Mac Mini, Raspberry Pi, Tablets, compact or mini PCs? Do they all have whatever hardware shielding would prevent this leakage?

I think more needs to be known about this? Especially with drones coming to America and likely not just from local, state and federal governments but corporations likely too, I bet? Hopefully this would be more a concern for the those with concerns for state secrets, etc. and not average citizens, but who knows...
Bambi
AKA Fran

Posted Image
My Public Key for Email :: BambisMusings Blog :: Fran's Computer Services Blog :: MyPassionIsBooks Blog :: 5BuckReview :: CNIRadio
"The Net interprets censorship as damage and routes around it." ~John Gilmore (Time Magazine, Dec 6, 1993)

#7 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 18,231 posts

Posted 09 March 2012 - 11:44 AM

No one here read Neal Stephenson's Cryptonomicon, huh? In one part of the book, they use a similar stray radiation sniffer to eavesdrop on another computer in an adjoining hotel room. It's not science fiction, folks. Ain't it great! wink.gif

Posted Image


#8 ONLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 15,155 posts

Posted 09 March 2012 - 12:54 PM

Excellent book!!
Posted ImagePosted Image Posted Image
CNI Radio/Archlinux G+/Configs/PGP Key π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#9 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 20,834 posts

Posted 09 March 2012 - 01:12 PM

Yeah, figured it was a fact... a security area that may have intentionally been left unfixed...??
Bambi
AKA Fran

Posted Image
My Public Key for Email :: BambisMusings Blog :: Fran's Computer Services Blog :: MyPassionIsBooks Blog :: 5BuckReview :: CNIRadio
"The Net interprets censorship as damage and routes around it." ~John Gilmore (Time Magazine, Dec 6, 1993)

#10 OFFLINE   ross549

ross549

    I live here.

  • Forum Admins
  • 9,149 posts

Posted 09 March 2012 - 07:12 PM

QUOTE (LilBambi @ Mar 9 2012, 09:44 AM) <{POST_SNAPBACK}>
Leaky Radio Signals Pose Smartphone Security Risk:


I would imagine that the shielding on desktop computers and hopefully laptop computer's CPUs would shield from such leakage and consequently detecting and reading of the data.

But is there something else going on here? Or are we truly just talking about these mobile companies NOT shielding the RF from the CPUs? I wonder if compact plastic computers like Mac Mini, Raspberry Pi, Tablets, compact or mini PCs? Do they all have whatever hardware shielding would prevent this leakage?

I think more needs to be known about this? Especially with drones coming to America and likely not just from local, state and federal governments but corporations likely too, I bet? Hopefully this would be more a concern for the those with concerns for state secrets, etc. and not average citizens, but who knows...


Yes, many computer cases feature shielding, though it is not specifically for preventing outsiders from "listening in." It probably has more to do with keeping outside interference out.

I don't think there is anything else going on here. I think this type of "listening" is very similar to using a microphone to record the sound of someone typing on a keyboard. In other words, this is very specific.

To put it simply, is someone going to be able to drive by your house with an antenna and be able to distinguish what you are doing on the computer? Probably not. Did you see the antenna in the article picture? It was a very focused yagi array, meaning that this is not something you could pick up with a car antenna for example.

There are so many digital devices out there- even in our TVs!- that it would be very difficult (in my semi-educated opinion) to pick out a single processor and be able to discern what it was doing. I also bet that you would have to know what frequency (clock speed) the processor was running at in order to be able to really lock on.

I guess an elaborate scheme could be construed..... someone hacks your computer knowing its physical location, figures out your cpu, and gets a nice high gain antenna, points it at the computer's specific location, and tries to figure out what you are doing. Is this practical for the average hacker or script kiddie? Not really. It would have to be a highly targeted attack.

Adam
I don't suffer from insanity, I enjoy it.
Posted Image Posted Image Posted Image Posted Image

#11 ONLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 15,155 posts

Posted 10 March 2012 - 12:43 AM

Excellent point Adam thumbsup.gif
Posted ImagePosted Image Posted Image
CNI Radio/Archlinux G+/Configs/PGP Key π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#12 OFFLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 11,480 posts

Posted 21 March 2012 - 10:49 PM

any mobile phone in the usa already has gps enabled, besides its constant pining to give its location to the cell network.

those 2 things are insidious in and of themselves - without stretching the tech to listen to weak signals.

--------------

the supreme court recently ruled against the fbi who plants gps transponders on people's cars.
the flip side is, the fbi will go after those folks using cell-tower (location) records.
Posted Image

#13 OFFLINE   ross549

ross549

    I live here.

  • Forum Admins
  • 9,149 posts

Posted 22 March 2012 - 04:38 AM

QUOTE (Temmu @ Mar 21 2012, 10:49 PM) <{POST_SNAPBACK}>
any mobile phone in the usa already has gps enabled, besides its constant pining to give its location to the cell network.


These two functions are vital to the proper operation of the cell network.

The GPS you refer to is not a true GPS fix unless the phone has an actual GPS receiver installed. Without the receiver, it uses triangulation of the cellular signals to provide approximate location.

This location information is what allows a 911 operator to know your location and be able to get emergency services to you as quickly as possible.

Pining the cellular towers constantly also allows the phone to know which tower to talk to, as well as the network would also know your location in order to properly route calls to you.

Adam
I don't suffer from insanity, I enjoy it.
Posted Image Posted Image Posted Image Posted Image

#14 OFFLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 11,480 posts

Posted 29 March 2012 - 11:18 PM

yes, o great and correctly informed one biggrin.gif

however, my point being that big brother now finds it quite easy to find us.
Posted Image

#15 OFFLINE   crp

crp

    Posting Prodigy

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 2,479 posts

Posted 30 March 2012 - 02:30 PM

QUOTE (ross549 @ Mar 22 2012, 01:38 AM) <{POST_SNAPBACK}>
These two functions are vital to the proper operation of the cell network.

The GPS you refer to is not a true GPS fix unless the phone has an actual GPS receiver installed. Without the receiver, it uses triangulation of the cellular signals to provide approximate location.

This location information is what allows a 911 operator to know your location and be able to get emergency services to you as quickly as possible.

Pining the cellular towers constantly also allows the phone to know which tower to talk to, as well as the network would also know your location in order to properly route calls to you.

Adam
And also provides data to let the engineers know if any tower/cell area is having problems above normal. Nowadays the engineer is probably not even told till it hits a critical level and the network management software routes around the problem.
The side effect benefits of being able to help locate lost people and criminals outweigh my BB concerns as long as warrants are still required.

Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience. ~C. S. Lewis

#16 OFFLINE   ross549

ross549

    I live here.

  • Forum Admins
  • 9,149 posts

Posted 30 March 2012 - 03:59 PM

QUOTE (crp @ Mar 30 2012, 02:30 PM) <{POST_SNAPBACK}>
And also provides data to let the engineers know if any tower/cell area is having problems above normal. Nowadays the engineer is probably not even told till it hits a critical level and the network management software routes around the problem.


The other way they will know is through user complaints. AT&T has made this process simple with the "Marks the Spot" app for their devices. I am not sure if it is available for Android or not, but the iOS version lets you describe a problem and submit it as a problem. I am not sure how effective it is, but the same could be said for calling a CS rep.

Adam
I don't suffer from insanity, I enjoy it.
Posted Image Posted Image Posted Image Posted Image

#17 OFFLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 11,480 posts

Posted 26 April 2012 - 12:40 PM

View PostLilBambi, on 08 March 2012 - 10:38 AM, said:


sur-prise! :lol:
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users