Home Tags Coil

Tag: coil

Hackers electrocute selves in quest to turn secure doors inside out

'Please dont tell my wife about this' says one, as arcs thrill Kiwi crowds Kiwicon Not every demo at security cons goes off without a hitch: Badass hackers Ryan and Jeremy electrocuted themselves when building what could have been the first device capable of wirelessly exploiting door-opening push buttons. The pair demonstrated the trial and terror process of building the box at the Kiwicon hacking event in New Zealand last Friday. Before its insides dissolved due to extreme heat, the device it was capable of activating the push buttons that open doors to allow egress from secure buildings - but from the outside of that building. Ryan and Jeremy's beefed-up electromagnet is the latest in a niche line of research which would allow attackers to enter buildings by using the devices to unlock the push-button door controls. "I guess they really are touch-to-enter buttons," Jeremy told the 2,000 laughing hackers at the Michael Fowler centre, Wellington. "Should you be worried about this? Ehh probably not." Ryan (left) and Jeremy.
Image: Darren Pauli, The Register. The pair chalked their work up as a failed-but-fun experiment, but in reality it was something more akin to success. Others interested in the field could leverage their work, as Ryan and Jeremy did others, to build a more stable device. If that were to happen, scores of buildings would be at risk of break and entry. Right now, penetration testers on red teaming assignments rely on extendable sticks to shove between automatic doors.
Such rigs allow them to physically depress the buttons in a much more obvious attack. Ryan explained one beefed-up prototype that used ignition coils bought from car parts chain Supercheap Auto: "Instead of driving that small coil, it drives this massive coil, which goes into an even bigger coil which generates a large voltage which then jumps the spark gap and, instead of igniting fuel, it hits the touch-to-exit button," he says. "The air is literally conducting electricity, it's scary stuff." 'It was just a tickle'. During the testing process his mobile phone stopped working. The pair, who again requested photographic anonmity, then increased the amount of electrons running through their prototype. The current hopped across the helping hands and through Jeremy; "it was just a tickle" he says, asking delegates to please not inform his wife. Several pieces of equipment melted including a high current motor driver which blew up instantly in a puff of blue smoke.

Another piece of kit became so heated its solder melted. A prototype. They reworked some existing research which failed to open the push-to-exit buttons building an electromagnetic interference fuzzer which used a scripting language and a VLSI interface into testing equipment, plus a microphone used to detect if the contraption worked. Lab gear. The lab gear helped the pair better understand the right frequencies required to interfere with the push-to-exit button.

They found that lots of noise forces the exit buttons to reduce sensitivity, and that suddenly removing that noise causes buttons to unlock. "Some of these devices implement frequency-shifting so they are trying to evade interference like that," Ryan says. The final prototype: A microcontroller taped to a battery, taped to a resonance circuit, taped to more batteries. RIP. A final balled-up and taped device proved able to unlock the devices through a glass door, meaning attackers could use it to enter locked buildings, but it soon melted. "Forunately for us the frequency intereference doesn't have to come from directly in front of the reader, and can come from the sides," Ryan says. "The range wasn't great though, and then we realised we were only using a fourth of the power, so we increased it." "The hole in the middle?" he says, pointing to a burnt-out integrated circuit; "not meant to be there." "We're good at prototypes." ® Sponsored: Customer Identity and Access Management

On her microphone's secret service: How spies, anyone can grab crypto...

Boffins decode 'coil whine' while encryption code runs Discerning secret crypto keys in computers and gadgets by spying on how they function isn't new, although the techniques used are often considered impractical. A new paper demonstrates this surveillance can be pretty easy to pull off, even over the air from a few metres away. We all know that tiny fluctuations in electrical current during encryption routines, or even the sounds made by the system, can be picked up wirelessly to ascertain keys used – but it usually requires hooking up expensive analysis equipment and takes long periods of time to gather all the bits needed.

The NSA's TEMPEST program was set up to do just that. Now, in a paper published by the Association for Computing Machinery, researchers from Tel Aviv University have detailed how inexpensive kit can be used to harvest 4,096-bit encryption keys in just a few seconds and from distances of around 10 metres (33 feet). These are the same boffins who hid a loop of wire and a USB radio dongle in a piece of pita bread last year and used it to steal keys over the air. In their latest research, the team managed to pick up encryption keys using acoustics.

As a computer's processor churns through the encryption calculations, the machine emits a high-frequency "coil whine" from the changing electrical current flowing through its components. Not exactly subtle, but effective By using a parabolic mic, the team was able to pick up the coil whine from 10 meters (38 feet) away.

Trouble is, that mic is a little obvious if you're trying to be sneaky, so they managed to get the same result from a mobile phone's microphone placed 30 centimetres (12 inches) away from the spied-on PC.
In both cases it took an hour of listening to get the 4,096-bit RSA key. To combat this security hole, you need tweak your software, the team wrote.
It's possible to use acoustic dampening inside a PC against sound attacks, Faraday cages to block electromagnetic emissions, and insulation of the enclosures of laptops.

But this isn't practical in the real world. Instead, the team recommends encryption software writers build in "blinding" routines that insert dummy calculations into cryptographic operations.

After discussions with the team, GNU Privacy Guard now does this. So it's not all bad news, but the research does serve as a reminder that you don't just need to check your software for security, but scout around the hardware too for mysterious gadgets. ® Sponsored: Rise of the machines