Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

A new Side channel attack-how to steal encryption keys by touching PCs

Researchers demonstrated a new side channel attack which allow them to steal encryption keys by simply touching a laptop. Yesterday I published a post on an interesting research conducted by a the team of experts which demonstrated an attack exploits “a newly discovered public side channel” allowing threat actor to access the shared memory statistics of an […]

A new Side channel attack-how to steal encryption keys by touching PCs

Researchers demonstrated a new side channel attack which allow them to steal encryption keys by simply touching a laptop.

Yesterday I published a post on an interesting research conducted by a the team of experts which demonstrated an attack exploits “a newly discovered public side channel” allowing threat actor to access the shared memory statistics of an app’s process, today we will discuss of a new potential method for extracting sensitive data from PCs simply touching it.

The team highlights the importance of physical security for computers, side channel attack like the one implemented by the experts demonstrates the lack of scrutiny on physical threats by the security community.

The researchers at Tel Aviv Un+iversity, Eran Tromer, Daniel Genkin, and Itamar Pipman demonstrated a physical side-channel Key-Extraction attack on PCs.

We demonstrated physical side-channel attacks on a popular software implementation of RSA and ElGamal, running on laptop computers. Our attacks use novel side channels and are based on the observation that the “ground” electric potential in many computers fluctuates in a computation-dependent way. An attacker can measure this signal by touching exposed metal on the computer’s chassis with a plain wire, or even with a bare hand. The signal can also be measured at the remote end of Ethernet, VGA or USB cables.” explained the researchers.

The researchers will present the study at Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) in Korea, on September 23th

side-channel attack

The researchers explained that the new side channel attack allows to extract encryption keys by measuring the electrical signals of those keys being processed, this means that theoretically bad actors could access encrypted keys through touching the chassis of the targeted PC.

we have extracted 4096-bit RSA keys and 3072-bit ElGamal keys from laptops, via each of these channels, as well as via power analysis and electromagnetic probing. Despite the GHz-scale clock rate of the laptops and numerous noise sources, the full attacks require a few seconds of measurements using Medium Frequency signals (around 2 MHz), or one hour using Low Frequency signals (up to 40 kHz). ” added the researchers.

The experts conducted successfully the tests with various models of laptops, running GnuPG, it’s not difficult to imagine the potentially of such attack conducted by cyber criminals and intelligence agencies.

Hackers can steal encrypted keys used  by victims for various services like online banking.

The researchers explained that to syphon the encryption keys, the CPU has to actually be processing those keys at the moment the signal is being measured. Under this condition the attack is easy to perform and the results are excellent, tests with GnuPG allowed the researchers to:

distinguish between the spectral signatures of different RSA secret keys (signing or decryption), and
fully extract decryption keys, by measuring the laptop’s chassis potential during decryption of a chosen ciphertext.

Despite the GHz-scale clock rate of the laptops and numerous noise sources, the full attacks require a few seconds of measurements using Medium Frequency signals (around 2 MHz), or one hour using Low Frequency signals (up to 40 kHz). the post states.

One of the researchers said that there is no evidence that the side channel attack they have tested was already being used.

The team proposed mitigation techniques to avoid being a victim of the new type of side channel attack:

“Physical mitigation techniques include Faraday cages (against EM attacks), insulating enclosures (against chassis and touch attacks), and photoelectric decoupling or fiber optic connections (against ‘far end of cable’ attacks).”

But sincerely these countermeasures are not easy to adopt and too expensive to implement, but the researcher also added that anyway software-based countermeasures can be developed by manufacturers.

Pierluigi Paganini

(Security Affairs – hacking,  Side channel attack)