Leaky Radio Signals Pose Smartphone Security Risk

Smartphones and gadgets leak signals from their electronics, potentially revealing encryption keys

The smartphone is often viewed as the mobile tool of choice for businesses, but an expert has warned that their data may be at risk, even if it is encrypted.

The warning came from Gary Kenworthy of Cryptography Research at the RSA 2012 Conference last week.

Leaky Processors

Kenworthy warned that the processors that are commonly found in smartphones and tablets leak RF or radio signals. And he warned that old-school analogue antennas can pick up these radio signals, potentially harvesting the encryption keys used to protect any sensitive data on the device itself.

Kenworthy demonstrated the problem at the conference holding an iPod Touch on stage and looking over to a TV antenna three meters away. According to Technology Review, the RF signal from the iTouch was picked up by the antenna, and was then routed through an amplifier and computer software. This then revealed the secret key that was being used by an app running on the device to encrypt data.

The problem is that an attacker who then has access to this key could use it to impersonate the device he stole it from – for example to access corporate email systems on a company server.

How did the antenna pick up signals from the device? Well, smartphones and other devices contain radio transmitters to communicate with cell towers and Wi-Fi base stations, but in this case, the signal was apparently leaking from the CPU itself.

This is because as the CPU performs an operation, it radiates at a particular frequency. These frequencies change depending on the operation of the CPU, but it is fairly easy to build a system that can detect this RF radiation.

Cryptography Research, for example, reportedly built its detector using nothing more than a simple AM radio and some other electronics. This allowed it to analyse the peaks and troughs of the signal, which correspond to the string of digital 1s and 0s that make up the encryption key.
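An added illustration, not code from Cryptography Research or from the original article: the article does not say which algorithm the demonstrated app used, so this sketch assumes textbook square-and-multiply modular exponentiation and models only the sequence of CPU operations, not any RF capture. It shows why an operation pattern that follows the key bits exposes the key, and how a fixed-pattern Montgomery ladder removes that dependence; the modulus and keys are constructed sample values.

```python
MOD = 1000003                  # constructed small modulus, for illustration only
KEY_A = 0b1011001110001011     # constructed 16-bit sample exponents
KEY_B = 0b1100101001110101

def square_and_multiply(base, exp, mod):
    """Naive left-to-right exponentiation: multiplies only on 1 bits (leaky)."""
    result, ops = 1, []
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        ops.append("S")
        if bit == "1":                      # key-dependent extra operation
            result = (result * base) % mod
            ops.append("M")
    return result, "".join(ops)

def montgomery_ladder(base, exp, mod):
    """One multiply and one square per bit, whatever the bit value.
    Only the operation sequence is modelled; real code would also need a
    constant-time conditional swap instead of this Python branch."""
    r0, r1, ops = 1, base % mod, []
    for bit in bin(exp)[2:]:
        if bit == "1":
            r0, r1 = (r0 * r1) % mod, (r1 * r1) % mod
        else:
            r1, r0 = (r0 * r1) % mod, (r0 * r0) % mod
        ops.append("MS")
    return r0, "".join(ops)

def bits_visible_in_trace(ops):
    """Read bits out of a naive S/M sequence: 'SM' means 1, a lone 'S' means 0."""
    bits, i = [], 0
    while i < len(ops):
        if ops[i:i + 2] == "SM":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return "".join(bits)

def trace_depends_on_key(exp_fn, key_a, key_b, base=7, mod=MOD):
    """Leakage check: do two same-length keys give different op sequences?"""
    return exp_fn(base, key_a, mod)[1] != exp_fn(base, key_b, mod)[1]

if __name__ == "__main__":
    _, trace = square_and_multiply(7, KEY_A, MOD)
    print("naive trace :", trace)
    print("bits exposed:", bits_visible_in_trace(trace))
    print("naive leaks :", trace_depends_on_key(square_and_multiply, KEY_A, KEY_B))
    print("ladder leaks:", trace_depends_on_key(montgomery_ladder, KEY_A, KEY_B))
```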

“[This] antenna is not supposed to work at this frequency, and it’s been in someone’s attic for years and is a bit bent,” Kenworthy, a principal engineer at Cryptography Research told Technology Review. “You could build an antenna into the side of a van to increase your gain – well, now you’ve gone from 10 feet to 300 feet.”

Insecure Mobiles

Of course it has long been known that mobile phones are potential security risks, which is posing a real headache for IT managers contending with the BYOD trend.

In December, 2010, security researchers for example showed how they could eavesdrop on any calls and text messages made on a GSM network. Prior to that they had cracked and published the encryption code, but the Global System for Mobile Communications Association (GSMA) downplayed any concerns over the security of mobile phone calls.

But researchers have also previously cracked the 768-bit RSA encryption used for protecting sensitive data in transit.

And then in August, 2010, fresh concerns were raised after security specialists uncovered a flaw that could effectively turn the mobile phone into a bug, allowing them to listen in on any conversation.

Another problem was highlighted last October, when it was revealed that the London Metropolitan Police Service (MPS) had acquired surveillance technology that could masquerade as a mobile phone cell tower, allowing the police to intercept mobile calls.

And only last month security consultancy Digital Assurance explained to Techweek Europe how critical emergency services could be under threat of disruption owing to the adoption of low-cost Software Defined Radio (SDR) within many modern devices.
