This Radio Bug Can Steal Laptop Crypto Keys, Fits Inside A Pita by Andy Greenberg.
From the post:
THE LIST OF paranoia-inducing threats to your computer’s security grows daily: Keyloggers, trojans, infected USB sticks, ransomware…and now the rogue falafel sandwich.
Researchers at Tel Aviv University and Israel’s Technion research institute have developed a new palm-sized device that can wirelessly steal data from a nearby laptop based on the radio waves leaked by its processor’s power use. Their spy bug, built for less than $300, is designed to allow anyone to “listen” to the accidental radio emanations of a computer’s electronics from 19 inches away and derive the user’s secret decryption keys, enabling the attacker to read their encrypted communications. And that device, described in a paper they’re presenting at the Workshop on Cryptographic Hardware and Embedded Systems in September, is both cheaper and more compact than similar attacks from the past—so small, in fact, that the Israeli researchers demonstrated it can fit inside a piece of pita bread.
“The result is that a computer that holds secrets can be readily tapped with such cheap and compact items without the user even knowing he or she is being monitored,” says Eran Tomer, a senior lecturer in computer science at Tel Aviv University. “We showed it’s not just possible, it’s easy to do with components you can find on eBay or even in your kitchen.”
Their key-stealing device, which they call the Portable Instrument for Trace Acquisition (yes, that spells PITA) consists of a loop of wire to act as an antenna, a Rikomagic controller chip, a Funcube software defined radio, and batteries. It can be configured to either collect its cache of stolen data on an SD storage card or to transmit it via Wifi to a remote eavesdropper. The idea to actually cloak the device in a pita—and name it as such—was a last minute addition, Tomer says. The researchers found a piece of the bread in their lab on the night before their deadline and discovered that all their electronics could fit inside it.
…
I was surprised by the comment:
The notion of someone planting an eavesdropping device less than two feet away from a target computer may seem farfetched as an espionage technique—even if that spy device is concealed in a pita (a potentially conspicuous object in certain contexts) or a stealthier disguise like a book or trashcan.
Really?
Andy must not attend many technical conferences. Here is a photo of one that I picked at random from Google images:
What looks like it is within 19 inches of each of the laptops you see in that photo? Is the bottom of the table on which the computers sit within 19 inches of each laptop? Did you check under the table at the last security conference you attended?
Or for that matter, the last national intelligence conference where clearance was required to attend sessions?
Like the device, the under the table technique is cheap, highly effective, difficult to discover (when was the last time you looked at the bottom of a conference table?), etc. Don’t worry, I’m not giving away too much, there are refinements to the general idea.
One key to breaching or preventing breaches of security is to look at the world differently.
If you are interested in a different view of the world, you know where to find me.