Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

At the RSA computer security conference last week, Gary Kenworthy of Cryptography Research held up an iPod Touch on stage and looked over to a TV antenna three meters away. The signal picked up by the antenna, routed through an amplifier and computer software, revealed the secret key being used by an app running on the device to encrypt data. An attacker with access to this key could use it to perfectly impersonate the device he stole it from—to access e-mail on a company server, for example.

The antenna was detecting radio signals “leaking” from the transistors on the chip inside the phone performing the encryption calculations. Transistors leak those signals when they are active, so the pattern of signals from a chip provides an eavesdropper a representation of the work the chip is doing. When Kenworthy tuned his equipment to look in the right place, a clear, regular pattern of peaks and troughs appeared on his computer screen. They could be seen to come in two varieties, large and small, directly corresponding to the string of digital 1s and 0s that make up the encryption key.

“[This] antenna is not supposed to work at this frequency, and it’s been in someone’s attic for years and is a bit bent,” said Kenworthy, a principal engineer at Cryptography Research. “You could build an antenna into the side of a van to increase your gain—well, now you’ve gone from 10 feet to 300 feet.”

Kenworthy and Benjamin Jun, Cryptography Research’s chief technology officer, also demonstrated how a loop of wire held close to two models of smart phone could pick up their secret keys. The signal from an HTC Evo 4G smart phone was a direct transcript of the device’s key, used as part of a common cryptographic algorithm called RSA. The researchers required a more complex statistical analysis to successfully capture a key from another HTC device, which was used as part of an encryption scheme known as AES.

Jun said that all the devices his company has tested produced signals of some kind that could betray their keys, although different eavesdropping techniques were necessary for different devices. While some could be vulnerable to a long-range attack, as in the iPod demonstration, others like the HTC devices would require an attacker to get up close. But that could be practical, said Jun, if contactless receivers used to collect payments from phones with NFC chips were modified by crooks. NFC chips are expected to become widely available in smart phones in coming months as Google and other companies develop contactless mobile payment systems.

The apps used in Jun and Kenworthy’s demonstrations were of their own design, because it would be “bad manners” to demonstrate sniffing keys from other company’s apps, said Jun. However, the researchers have shown privately that they can eavesdrop on encryption keys from any app or mobile software, he said.

7 comments. Share your thoughts »

Credit: Technology Review

Tagged: Computing, Communications, cryptography, smart phones, antenna

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me