1000words - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Can attackers steal decryption keys through radio waves?

Security researchers have figured out how to steal decryption keys through radio waves. Nick Lewis explains how the proof-of-concept attack works and if enterprises should be concerned.

I read about a proof-of-concept attack that stole decryption keys from PCs through radio waves using inexpensive, consumer-grade equipment. How does this attack work, and is it something enterprises should plan to defend against?

Security researchers from Tel Aviv University made a device out of inexpensive parts they bought at a consumer electronic shop to steal encryption keys from PCs. The attack requires physical access to the target's laptop and for the target laptop to decrypt an encrypted email message using GnuPG. The attacker can use a coil of wire to build a shielded loop antennae hidden inside pita bread (the ingenuity of grad students is unbounded!) and attached it to a software-defined radio to monitor the magnetic signal leaking out of the computer. Analysis of this signal can allow the attacker to extract decryption keys from the target system.

Enterprises don't need to specifically plan a defense against this type of software-defined radio attack. As the researchers noted, a Faraday cage would be an effective preventive measure, but also impractical. Regardless of the attack, if physical access can be gained, a dedicated attacker with sufficient time and resources will find a way to compromise the security of the device, with the worst case scenario being the attacker will use a rubber-hose attack to gain access to the decryption keys. A targeted attack could use all of these methods to obtain the data attackers want.

However, there are parts to this software-defined radio attack outside of the physical aspect that enterprises might want to prepare for and perform a careful analysis to determine if they have sufficient protections in place. Specifically, the attack requires the computer to automatically decrypt an incoming email message. This requires the decryption keys to be loaded into memory and does not require any additional actions on the device to access the specific key to decrypt the email. Preventing this attack could be done by requiring a short timeout for caching the key in memory so that once the user leaves the computer, the key is removed from memory so it couldn't be extracted and used for decryption.

Also, it's probably a bad idea to leave an email program running and set to open emails as they are received. There are benefits to leaving the email program running, but given the many risks around automatically decrypting an email, it's best to not automatically decrypt emails to show a delivery notification. The researchers also note that patches were developed for GnuPG, so keeping encryption software updated is critical to preventing attackers from stealing your decryption keys.

Next Steps

Read more on how AWS encryption keys got exposed

Discover encryption key management best practices for the cloud

Find out why security certificates and cryptographic keys are in peril

This was last published in January 2016

Dig Deeper on Hacker tools and techniques: Underground hacking sites