A pita sandwich could be used to infiltrate your laptop (yes, you read that right; let me explain).
The Times of Israel brings our attention to a paper released Tuesday, where researchers at Tel Aviv University (TAU) describe how cheap parts from Radio Shack can be connected to create a device that can infiltrate your laptop. What is really scary about this is that the device can not only fit inside a pita (see, I’m not crazy!), but there is also little your laptop can do to defend against the attack.
The device described in the paper can “read” electromagnetic pulses emanating from a laptop’s keyboard, including the keystrokes used to decrypt secure documents.
The TAU team playfully designated this type of attack as PITA – Portable Instrument for Trace Acquisition. The report, authored by Daniel Genkin, Itamar Pipman, Lev Pachmanov, and Eran Tromer, was released to coincide with a major cyber-security conference taking place at Tel Aviv University this week.
The paper, titled ‘Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation’, reports that the research team “successfully extracted keys from laptops of various models running GnuPG (popular open source encryption software, implementing the OpenPGP encryption standard), within a few seconds.”
The team was also able to successfully duplicate their attacks using other popular encryption suites, including RSA and ElGamal.
Using a device that can receive radio signals (an actual radio, or a USB stick designed to receive and play back audio messages), the researchers were able to observe fluctuations in the electromagnetic field surrounding the laptop, and translate those fluctuations into keystrokes using analysis software.
The paper not only explains how the device works, but also describes how easy it is to acquire the parts (all of which are easily available at a local electronics store), assemble and connect the components, and even how to discreetly hide the device in some pita bread.
The only drawback of this new type of cyber attack is its range: the target of the attack would need to be within 50 centimeters (20 inches) of the attacker. On the flip side, the attack only takes seconds, meaning that local coffee shops or pita stores offer the perfect venues for the attack, thanks to the convenience of power outlets and free Wi-Fi. A hacker could attack their target in a ‘walk-by’ attack, camouflaging their “poisoned pita” on a tray with real food.
The worst part of this whole ordeal, according to the team, is that there is very little computer users can do to prevent these attacks, short of staying out of public spaces and hiding their laptops from pita sandwiches.
“Preventing such low-level leakage prevention is often impractical,” the researchers explained, due to the excessive hardware required to implement true prevention strategies (like Faraday cages), or the extreme performance decrease that would be experienced using a software solution.
“Even when a cryptographic scheme is mathematically secure and sound, its implementations may be vulnerable to side-channel attacks that exploit physical emanations,” the team said. The hack “can target commodity laptop users. We have tested numerous laptop computers of various models and makes.”
Source: Shalom Life