How White Hat Hackers Stole Crypto Keys from an Offline Laptop in Another Room

"The attacks are completely non-intrusive: we did not modify the targets or open their chassis."

In recent years, air-gapped computers, which are disconnected from the internet so hackers can not remotely access their contents, have become a regular target for security researchers. Now, researchers from Tel Aviv University and Technion have gone a step further than past efforts, and found a way to steal data from air-gapped machines while their equipment is in another room.

"By measuring the target's electromagnetic emanations, the attack extracts the secret decryption key within seconds, from a target located in an adjacent room across a wall," Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer write in a recently published paper. The research will be presented at the upcoming RSA Conference on March 3.

"The attack in its current form uses lab equipment that costs about $3000 and, as
shown in the photos, is somewhat unwieldy," Tromer told Motherboard in an email. "However, experience shows that once the physical phenomena are understood in the lab, the attack setup can be miniaturized and simplified."

Although similar research on "listening" to steal crypto keys has been carried out before, this is the first time such an approach has been used specifically against elliptic curve cryptography running on a PC, the authors say. Elliptic curve cryptography, or ECC, is a robust approach to crypto, used in everything from securing websites to messages.

"The attacks are completely non-intrusive, we did not modify the targets or open their chassis"

The method is a so-called side-channel attack: an attack that doesn't tackle an encryption implementation head on, such as through brute force or by exploiting a weakness in the underlying algorithm, but through some other means. In this case, the attack relies on the electromagnetic outputs of the laptop that are emitted during the decryption process, which can then be used to work out the target's key.

Specifically, the researchers obtained the private key from a laptop running GnuPG, a popular implementation of OpenPGP. (The developers of GnuPG have since released countermeasures to the method. Tromer said that the changes make GnuPG "more resistant to side-channel attack since the sequence of high-level arithmetic operations does not depend on the secret key.")

"The attacks are completely non-intrusive, we did not modify [the] targets or open their chassis," the researchers write.

To test the hack, the researchers first sent the target a specific ciphertext—in other words, an encrypted message.

"During the decryption of the chosen ciphertext, we measure the EM leakage of the target laptop, focusing on a narrow frequency band," the paper reads. The signal is then processed, and "a clean trace is produced which reveals information about the operands used in the elliptic curve cryptography," it continues, which in turn "is used in order to reveal the secret key."

The equipment used included an antenna, amplifiers, a software-defined radio, and a laptop. This process was being carried out through a 15cm thick wall, reinforced with metal studs, according to the paper.

The researchers obtained the secret key after observing 66 decryption processes, each lasting around 0.05 seconds. "This yields a total measurement time of about 3.3 sec," the paper reads. It's important to note that when the researchers say that the secret key was obtained in "seconds," that's the total measurement time, and not necessarily how long it would take for the attack to actually be carried out. A real world attacker would still need to factor in other things, such as the target reliably decrypting the sent ciphertext, because observing that process is naturally required for the attack to be successful.

The idea of eavesdropping on data in unconventional ways is pretty established by now. Criminals have "listened-in" on signals given off by car key fobs in order to rob vehicles, and the authors of this research have created something similar in the past. Last June, they presented a small gizmo that could steal crypto keys via radio waves from 19 inches away.

Read more: Let's Play NSA: The Hackers Open-Sourcing Top Secret Spy Tools

When it comes to an in-the-wild situation, this attack, although at the cutting edge, is still very much academic research, and, at the moment, it's hard to imagine it being deployed on any sort of wider scale.

But Tromer feels that, perhaps in the not so distant future, hackers could adapt these techniques, and make them more accessible and cheaper. Pointing at his and the other authors' previous work, he said "it is likely that the new attack can also be performed clandestinely and at at even lower cost. In this day and age, our personal data, financial assets and private communication are all protected by cryptographic algorithms, and
there are ample incentives and precedents for sophisticated attacks on the
general population."

That said, the attack, by its nature, has a particular focus on those high-end situations where an air-gap or other measures have been used to protect sensitive data.

"Our work is most pertinent to systems that are carefully protected against software attacks, but—as we show—may be wide open to inexpensive physical attacks," Tromer said.