I read about a proof-of-concept attack that stole decryption keys from PCs through radio waves using inexpensive, consumer-grade equipment. How does this attack work, and is it something enterprises should plan to defend against?
Security researchers at Tel Aviv University built a device out of inexpensive parts bought at a consumer electronics shop and used it to steal decryption keys from PCs. The attack requires the attacker to be physically close to the target's laptop (the published demonstration worked from roughly half a metre away) and requires that laptop to decrypt an encrypted email message using GnuPG while the probe is in range. The attacker coils wire into a shielded loop antenna, hides it inside pita bread (the ingenuity of grad students is unbounded!) and connects it to a software-defined radio to record the electromagnetic signal leaking out of the computer as it decrypts. Because the way the decryption code works through the private key shows up in that signal, analysing the recorded decryptions allows the attacker to reconstruct the decryption key of the target system.
Enterprises don't need a defense plan specific to this software-defined radio attack. As the researchers noted, a Faraday cage would be an effective preventive measure, but it is impractical for ordinary laptops. More generally, an attacker who can get physically close to a device and has sufficient time and resources will find some way to compromise it; the worst-case scenario is a rubber-hose attack, in which the key holder is simply coerced into handing over the decryption keys. A targeted attack could combine any of these methods to obtain the data the attackers want.
However, there are parts of this software-defined radio attack outside of the physical aspect that enterprises should examine to determine whether their existing protections are sufficient. Specifically, the attack requires the computer to decrypt an incoming email message automatically. That in turn requires the decryption key to already be unlocked and cached in memory, so that no passphrase prompt or other user action is needed before the specific key is used. One way to prevent this is a short timeout on that key cache: once the user walks away from the computer, the cached key expires and is removed from memory, so it can no longer be used for the decryptions the attacker needs to trigger and measure.
It is also probably a bad idea to leave an email program running and configured to open and decrypt messages as they arrive. Leaving the mail client running has its conveniences, but given the risks of automatic decryption, it's best not to decrypt messages automatically just to show a delivery notification. The researchers also note that patches were developed for GnuPG (GnuPG 1.4.19 and Libgcrypt 1.6.3 shipped the countermeasures), so keeping encryption software updated is critical to preventing attackers from stealing your decryption keys.
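As an added example (not code from the article or from the GnuPG project), here is a small POSIX shell script that enforces the short cache timeout discussed above on a gpg-agent.conf file: it reads the effective TTLs, flags values above a policy ceiling, and rewrites them while leaving every other option intact. The option names default-cache-ttl and max-cache-ttl are genuine gpg-agent options (values in seconds; GnuPG's built-in defaults are 600 and 7200). The policy ceiling of 900 seconds, the hardened values of 300 and 900 seconds, and the sample configuration are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article: enforce a short gpg-agent
# passphrase cache so an unlocked decryption key does not stay resident
# after the user walks away. default-cache-ttl and max-cache-ttl are real
# gpg-agent options (seconds; GnuPG's built-in defaults are 600 and 7200).
# The 900 s ceiling, the 300/900 values and the sample file are assumptions.

# Effective value of option OPT in CONF; DEFAULT when it is absent or
# commented out. Takes the last occurrence when the option is repeated.
agent_option() {
    conf="$1"; opt="$2"; dflt="$3"
    val=$(grep -E "^[[:space:]]*${opt}[[:space:]]+[0-9]+" "$conf" 2>/dev/null \
          | tail -n 1 | awk '{print $2}')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$dflt"; fi
}

# Succeed (exit 0) only when both TTLs are at or below CEILING seconds.
check_cache_ttl() {
    conf="$1"; ceiling="$2"
    d=$(agent_option "$conf" default-cache-ttl 600)
    m=$(agent_option "$conf" max-cache-ttl 7200)
    [ "$d" -le "$ceiling" ] && [ "$m" -le "$ceiling" ]
}

# Rewrite CONF so both TTLs are set to the given values. Existing (possibly
# duplicated) TTL lines are dropped; comments and other options survive.
harden_cache_ttl() {
    conf="$1"; dflt_ttl="$2"; max_ttl="$3"
    tmp="${conf}.tmp.$$"
    {
        if [ -f "$conf" ]; then
            grep -vE '^[[:space:]]*(default-cache-ttl|max-cache-ttl)([[:space:]]|$)' "$conf" || true
        fi
        printf 'default-cache-ttl %s\nmax-cache-ttl %s\n' "$dflt_ttl" "$max_ttl"
    } > "$tmp" && mv "$tmp" "$conf"
}

# Demonstration on a constructed sample: keys cached for an hour per use,
# renewable for a whole day, which is far too long for this threat.
demo_conf=$(mktemp)
printf '# constructed sample gpg-agent.conf\nlog-file /tmp/gpg-agent.log\ndefault-cache-ttl 3600\nmax-cache-ttl 86400\n' > "$demo_conf"
if check_cache_ttl "$demo_conf" 900; then
    echo "cache TTLs already within policy"
else
    echo "cache TTLs too long; hardening $demo_conf"
    harden_cache_ttl "$demo_conf" 300 900
fi
cat "$demo_conf"
rm -f "$demo_conf"
# On a real machine point the functions at "$HOME/.gnupg/gpg-agent.conf" and
# then make the agent pick up the change with:  gpgconf --reload gpg-agent
```

default-cache-ttl expires a cached passphrase after that many seconds without use, while max-cache-ttl caps its lifetime regardless of use, so both need tightening; after editing the real file, run gpgconf --reload gpg-agent so the running agent applies the new limits.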
Answer by Nick Lewis.