Beware of Short-Distance Crypto Data Leaks

Mixed-signal chips with cryptographic processing are cheap and efficient. Black Hat researchers showed how they can also leak enough data to crack crypto keys.

LAS VEGAS—You've heard that computers are digital devices, and that even radio-based connections like Bluetooth and cellular are digital. But what you may not realize is that at the lowest level, they're actually analog.

The device doesn't store or send ones and zeroes; it sends wavelengths modulated to represent ones and zeroes. That's not a problem normally, and our devices act exactly as if they were pristinely digital. But, as a group of students and researchers demonstrated at Black Hat, bad things can happen when these digital signals interact with other components on popular chips.

Cracking Mixed-Signal Chips

This isn't the first hacking demonstration involving data leaked into seemingly unconnected components. Years ago, one researcher demonstrated cracking a cryptographic algorithm by analyzing the power drawn by the CPU. A similar demonstration did the same using radio frequency (RF) signals leaked by the device. However, the first demonstration required replacing the phone's battery with a sensor array, and the second only worked at very small distances. This year, the team managed a hack that works at 10 meters.

Before you invest in an RF-proof case for your smartphones, please understand that the demonstration here was strictly a proof-of-concept. In a very specific, controlled environment, the team could sift sideband signals from a Bluetooth transmission that gave them insight into what the CPU was doing. And they demonstrated the ability to extract an encryption key using a guessing technique that only worked because they had the sideband data.

Giovanni Camurati and Marius Muench, both PhD students at EURECOM, presented the team's findings at Black Hat. This is a team of academics, as evidenced by the thorough description of the whole process of capturing data via sideband transmission. The problem occurs when the digital components of a chip are built on the same die as the components for communication, Bluetooth in this example. The close coupling on these mixed-signal chips makes them both cheap and efficient, but it's also what makes data leakage possible.

Where Do We Go From Here?

"So, you say this is just a proof of concept, and doesn't attack a real device," said Camurati. "What's the point? Attacks on real world targets will follow. We can make data collection faster, we can process information better, [and] we can abuse weaknesses in the protocols. We are sharing early for faster mitigation and responsible disclosure."

Camurati noted that when this type of attack only worked over short distances, nobody cared. Now that they've got it to work at 10 meters, they contacted companies making the types of chips involved. Two of the vendors are working on replicating the team's research, and another is looking at short-term and long-term countermeasures. "We are not naming anyone, as it is a general problem," said Camurati.

"What could be a countermeasure? You could add masking noise, and improve the protocols," said Camurati. "But the easy solutions are expensive, and these are low-cost chips. That could be a problem." He went on to suggest the possibility of turning off the radio during crypto computations, or changing chip fabrication to avoid the coupling that causes the leak.

"I want to leave you with three thoughts," concluded Camurati. "Everything is analog. Digital noise can leak into radio-frequency circuitry. And electromagnetic side-channel attacks can work at a distance."

Check out Camurati and Muench's full paper and GitHub repo for more details.

About Neil J. Rubenking