back to article May the May update be with you: OpenSSL key sniffed from radio signal

If you missed the OpenSSL update released in May, go back and get it: a Georgia Tech team recovered a 2048-bit RSA key from OpenSSL using smartphone processor radio emissions, in a single pass. The good news is that their attack was on OpenSSL 1.1.0g, which was released last November, and the library has been updated since …

  1. Tomato42

    Sidechannel attacks

    and to think that most of the security critical code is not tested for constant time execution, let alone constant memory access or constant EM emissions...

    1. Anonymous Coward
      Happy

      Re: Sidechannel attacks

      Doesn't seem too serious even without the fix. The paper says "in our experiments we place probes very close, but without physical contact with the (unopened) case of the phone," and in the picture the probe is only a couple of inches from the phone. If it could be done from across the street then I would be more worried.

      1. Michael Wojcik Silver badge

        Re: Sidechannel attacks

        most of the security critical code is not tested for constant time execution

        Constant-time arithmetic for cryptographic code is standard practice these days, and has been for some years. Amateur implementations may lack it, but the grownups all take it into consideration. When a timing side channel is found in a major crypto implementation these days, it's a bug, not a failure to consider the problem.

        Constant-time algorithms outside of crypto arithmetic are obviously far less common (and in many cases infeasible), but timing attacks outside crypto arithmetic are also rare. Obviously there are the various Spectre-class attacks, but they're not timing the victim application. There was the TENEX password-validation attack, but that was a very unusual case.

        If it could be done from across the street then I would be more worried.

        Sure, because no one ever gets their phone anywhere near an antenna, and we have no idea how to create directional antennas, or amplify signals.

        1. Tomato42

          Re: Sidechannel attacks

          Constant-time arithmetic for cryptographic code is standard practice these days, and has been for some years. Amateur implementations may lack it, but the grownups all take it into consideration. When a timing side channel is found in a major crypto implementation these days, it's a bug, not a failure to consider the problem.

          I didn't say it wasn't written to constant time standard, I said it's not tested to be constant time

  2. JeffyPoooh
    Pint

    Lesson from the early 1980s

    Back in the early 1980s, there was a game that ran on the old TRS-80 Z-80 based computers. The musical soundtrack was made available by placing an AM radio near the computer. In other words, the software not only managed the game play and 'graphics' (ASCII graphics), but simultaneously managed the EMI emissions to play a catchy tune.

    Point being: It's been demonstrated that software can independently control EM emissions, even to the point of making music. In the early 1980s. Probably single thread (?).

    So these days, clever coders could mask the keys, or have the emissions include very rude greetings.

    1. Been there, done that, it never ends

      Re: Lesson from the early 1980s

      Back around 1969/70, when I was in High School, we had an IBM system that had a program we could feed a set of musical notes to (encoded on cards) and place a radio on the console to hear the resulting tune. Since the school only got equipment that was out of date, I suspect this goes back a few years prior to that.

    2. Claptrap314 Silver badge

      Re: Lesson from the early 1980s

      This code is often in the critical inner loop for an event that the user is actively waiting on. Speed of execution is a really big deal here. Not much time to screw around manipulating the EMEs.

      Moreover, on the X86, user software could more-or-less control the entire state of the chip with ease. This is not at all the case any more. Finally, for the last twenty years, chips have been designed with the awareness that EME is a side channel, and they have taken steps to reduce it.

      So this particular game is both much harder to play and significantly harder to win these days. <sigh>

    3. cortland

      Re: Lesson from the early 1980s

      Heh! I retired from the US Army in 1983 -- and started a second career in EMC engineering with a few years doing TEMPEST testing.

  3. Mike 16

    A few Years prior

    Yup. There's a reason that an AM radio was hidden in the 1403 printer, to be found by Group Captain Mandrake, in the 1964 film Dr. Strangelove.

    Besides "play almost recognizable music via a transistor radio", we had a more practical use:

    "Recognize the distinctive tone of the idle loop, to know when it was time to put on the parka and go into the machine room to start the next job"

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like