In spy movies we often see that the protagonist requires some sensitive data from the antagonist. When all else fails, a “Top Secret Device” comes along which can copy all the data from the required device when taken near it. And that too without touching the compromised computer or server or mobile device!
Well folks, we are pretty close to living in that futuristic world.
Researchers from Fox-IT and Riscure have put together a device that can recover AES-256 encryption keys from the electromagnetic emissions of a nearby computer.
The device exploits a known side-channel attack, a form of “Van Eck phreaking” (eavesdropping on a device’s electromagnetic emanations), here applied to recovering AES-256 encryption keys.
About the Device
The device is pretty compact and is made up of a magnetic loop antenna, an external amplifier, a bandpass filter and a software-defined radio receiver on a USB stick.
The device is small and can easily be used without being noticed. On top of this, it cost the researchers only $230, far less than the equipment currently available.
Now for speed. As the saying goes in cryptanalysis, any encryption can be cracked in principle; what matters is how fast it is done.
This device can recover the encryption key within 5 minutes when the target is a meter (3 feet) away.
The real magic happens at a distance of 30 cm (1 foot) where the device can sniff the key out within 50 seconds.
Imagine walking up to someone, exchanging a few sentences, and walking away with their encryption key.
How It Works
Here’s how the device works. The electromagnetic waves a computer emits follow a pattern that depends on the power consumption of the device.
Whenever the target processes data, it creates spikes in power consumption that can be sensed and analysed through the electromagnetic emissions. This fluctuation in power usage is the key (no pun intended) to breaking the encryption.
The straightforward way of breaking encryption is the “brute force” method, where all possible keys are tried to power through the barrier. This task is very tedious and time consuming. For 256-bit AES, it would require 2^256 tries, a little too many.
With the side-channel method, each byte of the key is recovered separately: each of the 32 key bytes has only 256 possible values, so the number of trials drops from 2^256 to 256 x 32 = 8192. This reduces the time to a couple of minutes at most.
Although the device should in principle be able to recover keys in a real-world scenario, so far it has only been tested in a controlled environment free of interfering electromagnetic emissions.
In the real world, all sorts of noise is present that may interfere with the device, slowing it down or causing the attempt to fail.
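To make the two points above concrete (why recovering the key one byte at a time costs 32 x 256 guesses rather than 2^256, and why noise works against the attacker), here is an added simulation; it is not code from the Fox-IT/Riscure paper and uses no real measurements. The leakage model is the textbook one: each AES S-box lookup leaks the Hamming weight of its output plus Gaussian noise, and the hypothesis with the highest correlation wins. The same code also models a first-order masked S-box, the standard countermeasure, to show that the correlation the attack relies on disappears. The key bytes, trace count, noise level and seed are all constructed values.

```python
"""Simulated first-order power leakage from an AES S-box lookup, recovered byte
by byte (the divide-and-conquer the article describes), with Boolean masking
shown as the countermeasure. Everything here is constructed: no real traces."""
import random


def _gf_mul(a, b):
    """Multiply two elements of GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def _sbox_entry(x):
    """AES S-box: multiplicative inverse (x^254, which is 0 for x=0) then the affine map."""
    inv = 1
    for _ in range(254):
        inv = _gf_mul(inv, x)
    s = 0x63
    for i in range(5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s


SBOX = [_sbox_entry(x) for x in range(256)]
HW = [bin(v).count("1") for v in range(256)]  # Hamming-weight leakage model


def simulate_traces(key_byte, n, rng, noise_sigma=1.0, masked=False):
    """Return (plaintexts, leakages) for n encryptions of one key byte.
    Unmasked: the device handles S(p ^ k) directly, so leakage = HW(S(p^k)) + noise.
    Masked: a fresh random mask m is applied per encryption and only S(p^k) ^ m is
    handled (first-order masked S-box). Leakage of m itself is not modelled, so this
    is a first-order picture only; it says nothing about higher-order attacks."""
    pts, traces = [], []
    for _ in range(n):
        p = rng.randrange(256)
        v = SBOX[p ^ key_byte]
        if masked:
            v ^= rng.randrange(256)
        pts.append(p)
        traces.append(HW[v] + rng.gauss(0, noise_sigma))
    return pts, traces


def recover_key_byte(pts, traces):
    """Correlation analysis for one byte: 256 hypotheses, pick the best-correlated.
    Returns (best_guess, best_abs_correlation)."""
    n = len(traces)
    mt = sum(traces) / n
    ct = [t - mt for t in traces]            # centred traces, computed once
    stt = sum(c * c for c in ct) ** 0.5
    best, best_corr = 0, -1.0
    for k in range(256):
        hyp = [HW[SBOX[p ^ k]] for p in pts]  # predicted leakage under guess k
        mh = sum(hyp) / n
        sxy = sum((h - mh) * c for h, c in zip(hyp, ct))
        shh = sum((h - mh) ** 2 for h in hyp) ** 0.5
        if shh == 0 or stt == 0:
            continue
        corr = abs(sxy / (shh * stt))
        if corr > best_corr:
            best, best_corr = k, corr
    return best, best_corr


def recover_full_key(key, n_traces=200, noise_sigma=1.0, masked=False, seed=1):
    """Recover every key byte independently. Returns (guessed_key, guesses_tried,
    per_byte_best_corr): each byte costs 256 guesses, so a 32-byte AES-256 key costs
    32 * 256 = 8192 guesses in total instead of 2**256."""
    rng = random.Random(seed)
    guessed, corrs = [], []
    for kb in key:
        pts, traces = simulate_traces(kb, n_traces, rng, noise_sigma, masked)
        g, c = recover_key_byte(pts, traces)
        guessed.append(g)
        corrs.append(c)
    return bytes(guessed), 256 * len(key), corrs


# Constructed 32-byte (AES-256) key for the demonstration; not from the paper.
DEMO_KEY = bytes(range(0x10, 0x30))

if __name__ == "__main__":
    got, tries, corrs = recover_full_key(DEMO_KEY)
    print("unmasked:", "recovered" if got == DEMO_KEY else "failed",
          f"after {tries} guesses, weakest byte correlation {min(corrs):.2f}")
    got_m, _, corrs_m = recover_full_key(DEMO_KEY, masked=True)
    print("masked: bytes correct", sum(a == b for a, b in zip(got_m, DEMO_KEY)),
          f"/ 32, best correlation {max(corrs_m):.2f}")
```

Raising `noise_sigma` (or lowering `n_traces`) is the simulated equivalent of the real-world interference discussed above: the correct hypothesis still correlates best on average, but the margin over wrong guesses shrinks until individual bytes start coming out wrong, and the attacker has to collect more traces to compensate. Masking removes the first-order correlation altogether, which is why masked implementations are the usual mitigation for this class of leakage.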
This research can be read in detail in the team’s paper titled TEMPEST attacks against AES.
Other tests have also been conducted using the same side-channel technique, with varying results. One team successfully used it to recover keys through a thin wall; another used emissions from Android and iOS devices to recover encryption keys.