Thursday, 28 August 2014

Hacker Can Steal Data Only By Touching Computer

Traditionally, if a hacker wants to steal data from computer or server, he must use network cable, Wi-Fi or USB drives or other tools to establish a connection to the target system. According to U.S. technology news site report, Israel's University researchers recently successfully implemented a "steal data” technique that can use hands to touch computer and make use of the computer tiny voltage changes to reversely crack password and other data.


Traditionally, if a hacker want to attack system, he first need to find loopholes on software on target system, and then exploit the loophole to transfer data through communication link. This process is time consuming.


Recently, a research team at the University of Tel Aviv, Israel, has successfully developed a new technology, which may produce a simpler non-contact data transferring method in the future.


In this research project, the researchers with electrical signal digital equipment used hands or other conductive tools to contact computer hardware, so that they get computer's tiny voltage changes.


It was said that in the process of high-strength encryption of some algorithms (4096 RSA encryption) there’s some changes in computer voltage. Thus, researchers can follow the voltage data collected by touching to crack associated password.


It is reported that in the LAN cable and cable TV cables, the researchers also crack password and other information through voltage data.


Imagine that you can get the key to the stored data on computer only by touching the shell of the laptop computer. The principle of this technique lies in the fluctuations of electric potential caused by CPU operation. When encryption software uses key to decrypt, detecting the fluctuation can help getting the key.


Monitoring solution is as below:


Touch the laptop shell with hand, measure the electric potential released into your skin, and then use sophisticated software to analyze and get the password.


This incredible cracking technique was come up with by a computer security expert at Israel's Tel Aviv University, Eran Tromer, and he had been successfully demonstrated at a password meeting in California.


Use a common wire to touch the laptop’s metal shell or just use the wire to connect any part of attacker’s body and the attacker use hand(sweaty hand is better) to touch the computer. Using a common wire touch the metal housing of the computer can detect the signal, or any part of the wire connecting the body and the attacker, the attacker simply by hand (sweaty hands better) to touch computer. You can also get signals even when you bolt a wallet to the end of computer’s network cable, video cable or USB cable. The key to this cracking technique lies in touching the computer while decrypting files.


Tromer said that his research team had been tested the solution mentioned above on widely used high secure standard decryption algorithms, 4096 and 3072 RSA key ElGamal keys. This method is another strong evidence of so-called "side-channel" attacks. (Side channel attacks: take attacks through collecting encrypted electronic equipment’s time-consuming, power consumption, or electromagnetic radiation consumption during operation)


Preceding similar studies found that it’s able to get the key by analyzing computer’s power consumption. Conversely, it’s also possible to judge whether the computer is attacked via small changes in power use. Senior industry officials said, tens to hundreds of side-channel attack methods related to hardware would appear in the future.


Tromer said he had not heard of anyone using this method to steal data, but he had told this attack method to some encryption software developers. Software developers can add random data in the calculation process to avoid such attacks.


However, hackers in the real world need much time by touching the computer to steal data.


However, electronic devices including computers, servers are not insulator. Therefore, under growing technology background, some day hackers can approach electronic device and steal data and information through the electromagnetic information surrounding electronic devices.


It’s reported that research team mainly used the voltage information leaked by GnuPG encryption software during working process and told this company about this loophole. Other file encryption or drive encryption developers also need to pay attention to the problems and take measures to the loophole.


This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read the FAQ at http://ift.tt/jcXqJW.





No comments:

Post a Comment