Comment 5KYS Re: What makes this news? TEMPEST ANYONE

Story

Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation

Preview

What makes this news? TEMPEST ANYONE (Score: 1)

by bsdguy@pipedot.org on 2015-03-23 02:31 (#5FZK)

I learned about doing this back in the Navy in the late 1970s. This is exactly why there are protocols over what electronics can be used when on a warship. Back in the 1980s it was possible to pick up random radiation to discover the position of a ship fairly far away, and if one had the right equipment even in those days keystrokes could be decoded based on the radiation from the keyboards and terminals.

So I have to say that those who do not read history are doomed to learn the lesson again.

bsdguy

Re: What makes this news? TEMPEST ANYONE (Score: 1)

by seriously@pipedot.org on 2015-03-24 10:20 (#5KYS)

In this case, the attacker doesn't necessarily need you to touch the keyboard or anything. Their attack scenario is the following:

1. they send you an email with specific content and encrypted using your public key.
2. your email client fetches the email
3. the moment the client decrypts it (e.g. using Enigmail in Thunderbird), they can infer your private key just from the CPU's EM radiations.
4. Profit !!

Besides, their hardware is very small (as in "fits in a pocket") and quite cheap (as in less than 300$) compared to what (they claim) existed before.

History

2015-03-24 10:20
In this case, the attacker doesn't necessarily need you to touch the keyboard or anything. Their attack scenario is the following:

1. they send you an email with specific content and encrypted using your public key.
2. your email client fetches the email
3. the moment the client decrypts it (e.g. using Enigmail in Thunderbird), they can infer your private key just from the CPU's EM radiations.
4. Profit !!

Besides, their hardware is very small (as in "fits in a pocket"), and quite cheap (as in less than 300$) compared to what (they claim) existed before.

Junk Status

Not marked as junk