Screaming Channels Attack RF Security

As long as there has been radio, people have wanted to eavesdrop on radio transmissions. In many cases, it is just a hobby activity like listening to a scanner or monitoring a local repeater. But in some cases, it is spy agencies or cyberhackers. [Giovanni Camurati] and his colleagues have been working on a slightly different way to attack Bluetooth radio communications using a technique that could apply to other radio types, too. The attack relies on the ubiquitous use of mixed-signal ICs to make cheap radios like Bluetooth dongles. They call it “Screaming Channels” and — in a nutshell — it is relying on digital information leaking out on the device’s radio signal.

Does it work? The team claims to have recovered an AES-128 key from 10 meters away. The technique reminds us a bit of TEMPEST in that unintended radio transmissions provide insight into the algorithm the device applies to encrypt or decrypt data. Most (if not all) encryption techniques assume you can’t see inside the “black box.” If you can, then it’s because it is relatively easy to break the code.

Some simple experiments (and knowledge of the device’s clock frequency) allowed the team to visualize the difference between encrypted data and non-encrypted data. Using software-defined radio techniques, they attacked a Nordic Semiconductor nRF52832 device in which they were able to easily find the part of the signal that corresponds to a single transaction. Some work had already been done on recovering a key when an attacker can measure the power using something like ChipWhisperer, and the team was able to leverage that work. Unlike ChipWhisperer, however, Screaming Channels doesn’t require a physical connection to the device.

Oddly, this isn’t as new as you’d think. A WWII-era Bell researcher noticed that he could detect the crypto machines operating from a distance by looking at noise on an oscilloscope and could read the text the machines were handling. Once they proved this was a real threat, they devised a cumbersome and difficult-to-deploy solution. The Army was too busy fighting a war, so they simply directed forces to keep the area around the crypto machines clear to prevent this kind of attack. Eventually, though, crypto machines would be shielded to prevent just this sort of attack.

The problem is now you have everything on one chip that you need to make for a few pennies. Protecting against this attack will require quite a bit of redesign and possibly separation of RF and digital data circuitry. Or, the market could do as the Army did and just decide to accept the risk.

We will probably see a lot of reinvention of security principles as more people who don’t develop secure systems try to do it anyway. The market may yet ignore low-risk issues, too. After all, many phones have fingerprint scanners even though those have been hackable for more than 15 years.