Boffins: Mixed-signal silicon can SCREAM your secrets to all

'Screaming Channels', a side-channel baked into off-the-shelf Wi-Fi, Bluetooth silicon

Side-channel radio attacks just got a whole lot worse: a group of researchers from Eurecom's Software and Systems Security Group has extracted crypto keys from the noise generated by ordinary communications chips.

Unlike more esoteric side-channels, which often need physical access to a target machine or some kind of malware implant, this leak comes from radio devices working as intended by the maker. If an SoC packs analogue and digital operations on the same die, the CPU's operations inevitably leak to the radio transmitter, and can be traced from a distance.

As Tom Hayes of Eurecom wrote to El Reg in an email: “This type of leak is carried by the device's intended radio signal, and thus broadcast over a potentially longer distance” [than previous side-channel attacks].

You seen him? Hasidim

How to quietly slurp sensitive data wirelessly from an air-gapped PC


“In our work we have demonstrated over-the-air extraction of AES keys from a consumer-grade bluetooth device over a distance of 10 meters”, Hayes continued.

The paper describing their work, “Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers”, explains that the physical mechanism involved is very simple. “Leakage from digital logic is inadvertently mixed with the radio carrier, which is amplified and then transmitted by the antenna”, because “mixed-signal chips include both digital circuits and analog circuits on the same silicon die in close physical proximity,” the paper says.

That crosstalk between CPU and radio allowed the group to recover the AES-128 key from tinyAES from 10 metres away, and - using a correlation attack - they claimed to grab the AES-128 key in mbedTLS at a distance of one meter. Ouch.

To demonstrate that this isn't vendor-specific (for example, the result of bad design), the researchers tested the nRF52832, a Bluetooth low-energy chip from Nordic Semiconductor; and a Qualcomm Atheros AR9271, a Wi-Fi USB dongle.

As the spectrograph below shows, the ten rounds of an AES-128 negotiation are easy to identify in the “noise” coming from the Bluetooth LE chip:

Radio trace of an AES-128 negotiation

The ten rounds of AES-128 setup are clearly visible in this radio trace. Image: Eurecom, "Screaming Channels"

Because the digital noise is picked up and amplified by the radio circuits, it can travel a useful distance. The researchers achieved key recovery over 10 metres in an anechoic chamber, but they note that with more development, others could improve on their results.

With a trace captured and cleaned up, the researchers wrote, pre-existing key-recovery tools like ChipWhisperer recovered the AES encryption keys with only small modifications.

The group has published its paper here, and its code is available at GitHub.

The paper will be presented at BlackHat in August, and at the ACM's Conference on Computer and Communications Security in October.

The team included Giovanni Camurati, Sebastian Poeplau, Marius Muench, Tom Hayes and Aurélien Francillon, all from Eurecom. ®

Other stories you might like

  • Walmart accused of turning blind eye to transfer fraud totaling millions of dollars
    Store giant brands watchdog's lawsuit 'factually misguided, legally flawed'

    The FTC has sued Walmart, claiming it turned a blind eye to fraudsters using its money transfer services to con folks out of "hundreds of millions of dollars."

    In a lawsuit [PDF] filed Tuesday, the US regulator claimed the superstore giant is "well aware" of telemarketing fraudsters and other scammers convincing victims to part with their hard-earned cash via its services, with the money being funneled to domestic and international crime rings.

    Walmart is accused of allowing these fraudulent money transfers to continue, failing to warn people to be on their guard, and failing to adopt policies and train employees on how to prevent these types of hustles.

    Continue reading
  • HPE unveils Arm-based ProLiant server for cloud-native workloads
    Looks like it went with Ampere – which means a certain Reg writer lost a bet

    Arm has a champion in the shape of HPE, which has added a server powered by the British chip designer's CPU cores to its ProLiant portfolio, aimed at cloud-native workloads for service providers and enterprise customers alike.

    Announced at the IT titan's Discover 2022 conference in Las Vegas, the HPE ProLiant RL300 Gen11 server is the first in a series of such systems powered by Ampere's Altra and Altra Max processors, which feature up to 80 and 128 Arm-designed Neoverse cores, respectively.

    The system is set to be available during Q3 2022, so sometime in the next three months, and is basically an enterprise-grade ProLiant server – but with an Arm CPU at its core instead of the more usual Intel Xeon or AMD Epyc X86 chips.

    Continue reading
  • US weather forecasters power up latest supercomputers to keep you out of the rain
    NOAA makes it rain for HPE, AMD

    Predicting the weather is a notoriously tricky enterprise, but that’s never held back America's National Oceanic and Atmospheric Administration (NOAA). After more than two years of development, the agency brought a pair of supercomputers online this week that it says will enable more accurate forecast models.

    Developed and maintained by General Dynamics Information Technology (GDIT) under an eight-year contract, the Cactus and Dogwood supers — named after the fauna native to the machines' homes in Phoenix, Arizona, and Manassas, Virginia, respectively — will support larger, higher-resolution models than previously possible. The cost to build, house, and support and operate these machines, now operational, will cost $150 million over the next five years, we understand.

    “People are looking for the best possible weather forecast information that they can get,” Brian Gross, director of the Environmental Modeling Center for the National Weather Service, told The Register.

    Continue reading
  • Google said to be taking steps to keep political campaign emails out of Gmail spam bin
    Just after Big Tech comes under fire for left and right-leaning message filters

    Google has reportedly asked the US Federal Election Commission for its blessing to exempt political campaign solicitations from spam filtering.

    The elections watchdog declined to confirm receiving the supposed Google filing, obtained by Axios, though a spokesperson said the FEC can be expected to publish an advisory opinion upon review if Google made such a submission.

    Google did not immediately respond to a request for comment. If the web giant's alleged plan gets approved, political campaign emails that aren't deemed malicious or illegal will arrive in Gmail users' inboxes with a notice asking recipients to approve continued delivery.

    Continue reading
  • China is trolling rare-earth miners online and the Pentagon isn't happy
    Beijing-linked Dragonbridge flames biz building Texas plant for Uncle Sam

    The US Department of Defense said it's investigating Chinese disinformation campaigns against rare earth mining and processing companies — including one targeting Lynas Rare Earths, which has a $30 million contract with the Pentagon to build a plant in Texas.

    Earlier today, Mandiant published research that analyzed a Beijing-linked influence operation, dubbed Dragonbridge, that used thousands of fake accounts across dozens of social media platforms, including Facebook, TikTok and Twitter, to spread misinformation about rare earth companies seeking to expand production in the US to the detriment of China, which wants to maintain its global dominance in that industry. 

    "The Department of Defense is aware of the recent disinformation campaign, first reported by Mandiant, against Lynas Rare Earth Ltd., a rare earth element firm seeking to establish production capacity in the United States and partner nations, as well as other rare earth mining companies," according to a statement by Uncle Sam. "The department has engaged the relevant interagency stakeholders and partner nations to assist in reviewing the matter.

    Continue reading
  • California's attempt to protect kids online could end adults' internet anonymity
    Websites may be forced to verify ages of visitors unless changes made

    California lawmakers met in Sacramento today to discuss, among other things, proposed legislation to protect children online. The bill, AB2273, known as The California Age-Appropriate Design Code Act, would require websites to verify the ages of visitors.

    Critics of the legislation contend this requirement threatens the privacy of adults and the ability to use the internet anonymously, in California and likely elsewhere, because of the role the Golden State's tech companies play on the internet.

    "First, the bill pretextually claims to protect children, but it will change the Internet for everyone," said Eric Goldman, Santa Clara University School of Law professor, in a blog post. "In order to determine who is a child, websites and apps will have to authenticate the age of ALL consumers before they can use the service. No one wants this."

    Continue reading

Biting the hand that feeds IT © 1998–2022