When we imagine the act of hacking a system we always think of hooded hackers typing frantically in the dark, but in reality there are many methods to break the security of our computer; even, as researchers at Tel Aviv University have revealed, it may be enough to simply touch the computer to break the encryption of our files. It sounds simple, perhaps too simple, and perhaps that is why it is more fearsome, although this technique has its weak points. But first, we must understand how it works.
The magic touch
Instead of focusing on attacking the system from the virtual side, this method is what is known as a lateral attack, one carried out on the physical part, in particular the metallic parts of our computer, whose load fluctuates depending on what our components are doing; It is a minimal variation, but it can be measured. Thus, when we touch any of these parts of the computer, our skin receives these variations in charge (which in extreme cases would be a spark, but which normally does not affect us).
These loads vary depending on the actions of our computer: the researchers discovered that were able to extract the used encryption keys while securing files, because the operations caused a pattern of consistent voltage fluctuations and were easy to detect compared to those caused by other operations. This type of key theft is more effective in summer with humid climates so that our skin sweats; It is also possible to obtain these measurements by bringing pieces of metal closer to the output of USB and Ethernet ports. The tests managed to obtain encryption keys used in the GnuPG implementation of the OpenPGP free standard, although the researchers have already warned the developers and they have released a patch that minimizes this security hole.
The security bugs that take into account the hardware on which the code is executed are not too exploited and therefore the programmers do not bother much to find them, but that means that there are currently a large number of attack vectors ready to be discovered and exploited. If these types of attacks become fashionable we can have a serious problemSo it’s good news that researchers are a couple of steps ahead in this regard.
Source | MIT Technology Review
