SoylentNews is people

posted by LaminatorX on Friday August 22 2014, @01:40AM
from the physical-access-FTW dept.

With enough technical savvy, simply touching a laptop can suffice to extract the cryptographic keys used to secure data stored on it.

The trick is based on the fact that the “ground” electrical potential in many computers fluctuates according to the computation that is being performed by its processor—including the computations that take place when cryptographic software operates to decrypt data using a secret key.

Measuring the electrical potential leaked to your skin when you touch the metal chassis of such laptops, and analyzing that signal using sophisticated software, can be enough to determine the keys stored within, says Eran Tromer, a computer security expert at Tel Aviv University.

http://www.technologyreview.com/news/530251/how-to-break-cryptography-with-your-bare-hands/

[Paper] http://www.cs.tau.ac.il/~tromer/handsoff/

  • (Score: 1, Funny) by Anonymous Coward on Friday August 22 2014, @01:54AM (#84182)

    This is a shocking development.

  • (Score: 3, Insightful) by tynin (2013) on Friday August 22 2014, @02:33AM (#84196)

    Perhaps if you knew the exact contents of the normal processes/workload of an OS and everything else that shared the same electrical draw, and its behavior at a specific configuration, you might be able to make guesses against the delta of that signature. There are few things I think this would be doable in, smart phones and printers come to mind, and all of them would be targeted attacks.

    • (Score: 5, Funny) by frojack (1554) on Friday August 22 2014, @05:18AM (#84228)

      Some articles you have to just assume are total BS.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 5, Interesting) by bob_super (1357) on Friday August 22 2014, @05:36AM (#84232)

        In this case it's a hyperbolic interpretation of a real security problem known as a Differential Power Analysis (DPA) Attack.

        DPA attacks work on embedded systems because you can know when they are using the AES keys for an extended time.
        Joe Average with a multicore processor running a multitasking OS is unlikely to be worth the tiny odds. Then again, Joe Average doesn't hide military code with his keys. You can't get clearance to do sensitive stuff anymore, if you haven't considered DPA in your design.

  • (Score: 2) by Professr (1629) on Friday August 22 2014, @03:59AM (#84221)

    At first, I thought this was going to be a more "hands-on" version of the Rubber Hose decryption algorithm. Alas, it is just an excerpt from Neal Stephenson fan fic :\

    • (Score: 3, Informative) by jimshatt (978) on Friday August 22 2014, @10:11AM (#84296)

      Van Eck Phreaking is real [youtube.com].
      But this is of course a little more difficult. Akin to spying on IP traffic by looking at the blinking LEDs on a router/switch/hub.
      • (Score: 2) by mechanicjay on Friday August 22 2014, @01:46PM

        I think your analogy is a bit simplistic, but basically spot on.

        Perhaps I'm just not enlightened enough, but I don't see how this is possible except, perhaps, in the theoretical sense. If I'm using all my cores to handbrake a BluRay at the same time, is the electrical noise signature clean enough to determine anything besides that the box is busy? What about dirty mains power, or nearby electrical interference? I'd need to see a real proof of concept of this before I believe a word of it.

        --
        My VMS box beat up your Windows box.
        • (Score: 2) by TK (2760) on Friday August 22 2014, @03:15PM (#84363)

          Isn't the dirty mains power handled by the laptop's external power supply? Even if it supplies "dirty" DC power, you could measure that directly and filter it out of your measurement from the laptop.

          I'm not saying this will make this job approach feasibility, but it could eliminate one source of noise.

          --
          The fleas have smaller fleas, upon their backs to bite them, and those fleas have lesser fleas, and so ad infinitum
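
Added example, not part of any comment above or of the linked paper: a small simulation of the Differential Power Analysis idea named in bob_super's comment, which also bears on the noise question in mechanicjay's comment, run once on an unprotected lookup and once with a fresh random mask (a standard DPA countermeasure that the thread itself does not mention). Assumptions: a toy 4-bit S-box (PRESENT's) standing in for AES, a Hamming-weight leakage model, Gaussian noise and constructed traces; `simulate`, `key_scores` and `experiment` are hypothetical names.

```python
import random

# PRESENT cipher 4-bit S-box, used here as a toy stand-in for an AES S-box.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def hw(x):
    """Hamming weight: the assumed leakage model (signal ~ number of set bits)."""
    return bin(x).count("1")

def pearson(xs, ys):
    """Pearson correlation coefficient, 0.0 if either series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def simulate(key, n, sigma, masked, rng):
    """Constructed traces: one noisy sample per S-box lookup on a known input."""
    inputs, samples = [], []
    for _ in range(n):
        p = rng.randrange(16)
        v = SBOX[p ^ key]
        if masked:
            # Simplified model of masking: the leaking intermediate is
            # blinded with a fresh random value on every operation.
            v ^= rng.randrange(16)
        inputs.append(p)
        samples.append(hw(v) + rng.gauss(0, sigma))
    return inputs, samples

def key_scores(inputs, samples):
    """Correlation of the measurements with the prediction for each key guess."""
    return [pearson([hw(SBOX[p ^ g]) for p in inputs], samples) for g in range(16)]

def experiment(masked, n=4000, sigma=2.0, key=0x9, seed=1):
    """Run one simulated campaign; the noise std-dev is twice the signal's."""
    rng = random.Random(seed)
    scores = key_scores(*simulate(key, n, sigma, masked, rng))
    best = max(range(16), key=lambda g: scores[g])
    return best, scores

if __name__ == "__main__":
    for masked in (False, True):
        best, scores = experiment(masked)
        print(f"masked={masked}: best guess {best:#x}, peak corr {max(scores):+.3f}")
```

With the mask applied, every key guess correlates near zero, so the best-scoring guess is statistical noise rather than the key.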