Skip Links

Hacking stunt: Stealing smartphone crypto keys using plain old radio

Smartphone radio-wave crypto grab to be demonstrated at RSA by Cryptography Research

By , Network World
January 26, 2012 03:53 PM ET

Network World - Encryption keys on smartphones can be stolen via a technique using radio waves, says one of the world's foremost crypto experts, Paul Kocher, whose firm Cryptography Research will demonstrate the hacking stunt with several types of smartphones at the upcoming RSA Conference in San Francisco next month.

MORE STUNTS: Defcon Wi-Fi hack called no threat to enterprise WLANs

SECURITY: From Anonymous to Hackerazzi: The year in security mischief-making

"You tune to the right frequency," says Kocher, who described the hacking procedure as involving use of a radio device much like a common AM radio that will be set up within about 10 feet from the smartphone. The radio-based device will pick up electromagnetic waves occurring when the crypto libraries inside the smartphone are used, and computations can reveal the private key. "We're stealing the key as it's being used," he says, adding, "It's independent of key length."

Kocher says the goal of the hacking demo, which Cryptography Research will demonstrate throughout the RSA Conference at its booth, is not to disparage any particular smartphone manufacturer but to point out that the way crypto is used on devices can be improved.

"This is a problem that can be fixed," he says, noting Cryptography Research is working with at least one of the major smartphone makers, which he declined to name, on the issues around these types of radio-based attacks.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.

Read more about security in Network World's Security section.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News