Using spellcheck? Electromagnetic fields could reveal your writing to snoops
By Jeremy Kirk
It has long been known that subtle electronic fields and noises emitted by computers can reveal clues about your activity, a powerful spying method that can be done from a few feet away.
These so-called “side-channel signals” can be collected by antennas or microphones and through analysis could reveal sensitive data such as encryption keys.
It’s not known if spy agencies are already using these methods, but the many academic studies outlining potential attacks would suggest it’s probably a growing part of signals intelligence.
Researchers from the Georgia Institute of Technology have embarked on a three-year project to figure out how these electronic signal leaks could be prevented by redesigning hardware and software.
Milos Prvulovic, an associate professor with Georgia Tech’s School of Computer Science, said his team has been looking for potential vulnerabilities in applications or hardware designs that might make such signals collection easier.
“I don’t want to demonstrate an attack in order to be able to defend against it,” Prvulovic said in a phone interview Thursday. “Then, the defenders are always playing catch up with the attackers.”
Much effort has gone into trying to stop side-channel attacks from being successful against specific pieces of code, such as a cryptographic kernel.
But much less work has been done in leakage at a broader architectural level, such as what features are the strongest leakers, they write in their research paper.
To look into this, the researchers developed a new metric called “Signal Available to Attacker” (SAVAT), which measures the side-channel signal generated by a single instruction difference when a program is executing.
SAVAT quantifies the side channel signal’s dependence on instruction-level differences. The metric allows programmers to modify their code to prevent such high differences from being detected, especially when processes are underway that deal with sensitive information.
They looked at the electronic emanations from three Windows XP laptops running 11 different instructions, as well as some mobile devices.
As expected, some signals were stronger than others depending on what components were involved. Two instructions executed on-chip tend to be quieter than a signal generated by an on-chip instruction that uses off-chip memory, according to their research paper.
Collecting those signal differences can reveal what an application is doing and could be used, for example, to obtain cryptographic keys without trying to break the encrypted content in other ways, Prvulovic said.
Over the years, people have become very good at collecting signals and matching that to a person’s activity. During their work, Prvulovic and his colleagues discovered an interesting peculiarity about spellcheckers, which isn’t mentioned in their paper.
There’s not a lot of signal that comes from a computer running a word processing program that has spellcheck turned off, Prvulovic said. It’s relatively difficult for an attacker to tell what key is pressed.
But turn spellcheck on, and things get really noisy. The signals can be picked up by an AM radio, Prvulovic said. In fact, the processing is so loud, it’s audible: a person can hear it.
Each keystroke causes the spellchecker to look up the word in a dictionary to try to catch a mistake and flag it.
“It turns out that spellchecking is orders of magnitude more activity than you would normally get for just a simple key press,” he said. “Modern software does a lot of stuff that is convenient but horribly computationally intensive. That creates differences that can be picked up.”