Stealing Keys from Air‑Gapped PCs via Electromagnetic Eavesdropping
Researchers demonstrate a $3,000 electromagnetic detector that can capture encryption keys and other sensitive data from computers that are not connected to any network, revealing a fast, non‑intrusive side‑channel attack that bypasses traditional security measures.
Traditionally, attackers obtain cryptographic keys from a target computer in three ways: (1) physically accessing the machine and installing malware, (2) remotely compromising it over the internet, or (3) using a removable medium to ferry malware into an air‑gapped system.
These methods are now considered weak. An Israeli white‑hat researcher has created a high‑energy technique that places a large “stethoscope” next to a computer and captures the electromagnetic waves emitted during its operation, extracting plaintext passwords directly.
The attack is extremely fast, taking only a few seconds to retrieve a key.
It does not involve cracking passwords; it simply records the emitted electromagnetic signals that reveal the plaintext.
No network connection or physical contact with the target computer is required.
The prototype device costs about $3,000 and can precisely capture and amplify the electromagnetic emissions of nearby computers.
In an experiment, the researchers sent an encrypted email to a victim PC, and while the mail was being decrypted, the device recorded narrow‑band signals that corresponded to the decryption process. By analyzing 66 such events over 3.3 seconds, they recovered the encryption key.
The researchers liken this breakthrough to discovering “gravitational waves” for hackers, showing that a computer “talks” to the physical world and can be listened to if one knows how.
According to researcher Tromer, the method could soon move from the lab to widespread use, with cheaper devices emerging. However, building such a detector requires strong physics knowledge to filter out background noise, a hurdle for typical programmers.
As Tromer warns, while computers are heavily protected in the digital realm, they are virtually naked in the physical world, making side‑channel attacks a serious privacy threat.
To mitigate this risk, users should adopt proper security practices, though the article does not list specific steps beyond illustrating a “correct” computer usage image.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.