It’s like something out of Mission Impossible, or, perhaps more accurately, Get Smart: Imagine being able to steal data out of the air using a gadget hidden inside a piece of pita bread.
Researchers at—where else?—Tel Aviv University have done just that, pioneering a way to break encryption keys using radio waves using a raft of cheap, off-the-shelf components that can be combined into a small, concealable gadget. A gadget that’s just perfect for tucking into an innocuous-looking piece of flatbread.
Hackers could be sitting in a café, silently intercepting the online activities of those around them, while appearing to be doing nothing more than noshing away at a plate of roasted red pepper hummus.
The team of four Israeli researchers led by Daniel Genkin said that they were able to capture radio emissions given off by laptops. Those radio signals are generated by laptop CPUs crunching data (if not toasted pocket breads), and they’re subtly different depending on the activity. So, playing a game has a different radio signature than sending an email, and file decryption looks different than watching a video—etc. etc.
The differing power consumption needs for each activity give rise to the specific signatures, the researchers noted. And further, they found that they were able to uncover the encryption key for emails if they intercepted them in the process of being downloaded. In all they were able to recover keys used in several widely used encryption programs and algorithms to protect data.
The group has created a proof of concept dubbed the Portable Instrument for Trace Acquisition, aka, yes, you guessed it, PITA.
But don’t fear the café too much: Improvements would need to be made to make it as useful as, say, a shoe phone or the Cone of Silence. When PITA meets a pita, the attack has been demonstrated to work from a distance of only about a foot and a half—so the hacker would need to be really, really close to the victim, at which point he or she could probably save themselves a lot of trouble by just leaning over and reading the screen.
There are other issues too to work out before PITA is ready for mass consumption, as it were.
“The research from Tel Aviv University serves as a timely reminder of the innovative techniques that cybercriminals may use in the future, but it is highly unlikely that such an attack would yield positive results in a real-life environment outside laboratory conditions,” said Darin Welfare, vice president and GM for EMEA at WinMagic, in an email. “For example, replicating this attack in a generic environment like a coffee shop would likely be interrupted by the prevalence of other radio waves in the vicinity, skewing the results.”