Just Touching A Laptop Can Reveal Secret Data
It's the most "current" news you'll read all day: The pattern of the electric currents that pass through your laptop computer can be used to determine your encryption keys, as a group of three Israeli researchers at Tel Aviv University have shown. By measuring the electric potential running through a laptop's casing, or through a cable attached to the machine, or even by measuring the electric potential of a human touching the casing, the researchers were able to extract two different types of encryption keys used in the open-source encryption hardware known as GnuPG. Shocking, isn't it?
First, the researchers attached a small digitizer (a device that turns electric signals into digital data) to a laptop, and made sure the digitizer's sensor was touching a conductive part of the laptop, such as the casing around a USB, Ethernet, VGA, HDMI or other kind of port, or a metal heatsink fan. All encrypted data needs to be decrypted at some point to be read and used. When the computer'sowner accessed GnuPG software and entered the decryption key, the pattern of electrical potential that flows through the laptop's metal parts was enough to let the researchers determine 4096-bit RSA keys and 3072-bit ElGamal encryption keys.
RSA and ElGamal are both well-respected and robust encryption algorithms, and keys of those lengths are considered extremely resistant to conventional attacks. Attaching a device to the outside of a computer may be too obvious. The researchers also proved that the same attack could be performed by attaching a digitizer to the far end of a cable plugged into the target computer...
- Login to post comments