Naked Security

Could a phone steal a secret product prototype off your 3D printer?

Researchers claim to be able to reconstruct the designs you're printing using the electrical and audio emanations from your 3D printer.

Side-channel attacks often attract lots of interest.

That’s where you don’t directly try to eavesdrop on the actual process or procedure that’s your target, but instead listen in to the side effects it causes and figure out what’s going on indirectly.

For example, cops who wanted to track down illegal cannabis-growing operations in suburbia could fly drones through the neighbourhood with sophisticated molecule “sniffers” on board, sampling the atmosphere for the telltale emissions from the drug plants themselves.

Or they could simply look at the utility bills of any suspicious properties, and start their investigations with houses that burn lots of electricity at a constant rate. (Most of us turn the lights out during the day, as well as when we’re asleep.)

The data from the electricity meter acts as a side-channel that can reveal, or at least suggest, what’s happening inside a closed-up house.

We’ve written about many data exfiltration experiments using side channels, such as:

Now, students at the State University of New York in Buffalo have aimed the sensors built into a modern smartphone at 3D printers, and claim to be able to reconstruct the design you’re printing from the electrical and audio emanations as your printer does its work.

The report isn’t published yet, but it sounds (ha!) as though they focused on so-called additive printers, where a print head moves about in three dimensions, building up the desired object by depositing matter from specially-designed nozzles to create the final object.

Typically, at least in cheaper printers, the matter is some sort of polymer, often supplied as a reel of plastic cable that can be easily softened on demand, extruded, deposited with some precision, and then made (or allowed) to harden once again into a solid form.

As you can imagine, the to-and-fro acoustic buzzing of the print head as it moves, and the electronic “buzzing” as current flows and ebbs as the material is heated and extruded, must tell you something about what’s going on…

…and these intrepid researchers claim that they can figure out enough to reconstruct the form of the manufactured object with an accuracy at or above 90%.

Fascinating though this sounds, we’re not entirely convinced by this:

The smartphone, at 20 centimeters away from the printer, gathered enough data to enable the researchers to replicate printing a simple object, such as a door stop, with a 94 percent accuracy rate.

A 94% accurate doorstop doesn’t sound terribly impressive, considering that most doorstops we’ve seen are essentially rubber cylinders with a hole through the middle.

The researchers also claim that:

For complex objects, such as an automotive part or medical device, the accuracy rate was lower but still above 90 percent.

We’re not sure quite how useful a cloned medical device would be with 10% of its detail missing (if there is even a reliable way to define what you mean by “90% accuracy” for something like a medical device).

What to do?

Nevertheless, this is another good reminder that modern mobile phones, at least when you allow them into secure areas, ought not to be called phones any more.

They’re accelerometers, direction finders, sensitive sound recording devices, high-resolution still cameras, high-frame-rate video cameras, geolocation devices, radio receivers, radio transmitters, and much more, all packaged into a powerful, general purpose computer of diminutive size.

Call them multi-function surveillance tools hiding in plain sight that can also make and receive phone calls at a pinch.

Mobile device management software, like Sophos Mobile Control, is an excellent way to keep track of, and control over, your own mobile devices.

But it’s as good as impossible to exercise the same management control over other people’s phones when they visit your top-secret manufacturing plant.

In that case, you may want to consider an old-school solution: lockers outside your facility where electronic devices are dropped off on entry and recovered on departure.


3 Comments

Some 15 years ago I managed an EC funded R&D project in security where using a coil wound round a needle on an X-Y plotter table, one of my researchers was able to recreate the VHDL (circuit design) of a simple microprocessor from the signals radiated whilst it was operating. I won’t divulge any of the other things we were able to do, although most of them were published.
So I don’t doubt that with the increase in processing power available (about 2^10 i.e. about 1,000x) over the intervening years this is possible, as it would be potentially simpler than recreating a CPU – you are only trying to deduce the x,y,z coordinates and an extrude command.

Duck wrote “A 94% accurate doorstop doesn’t sound terribly impressive, considering that most doorstops we’ve seen are essentially rubber cylinders with a hole through the middle.”

In the US, they’re essentially a wedge. See Google Images.

In my vocabulary, that’s a door wedge. (In fact, I bought a packet of six neatly-made wooden ones just last weekend. It was labelled “6 door wedges.” As far as design goes, they’re even simpler than cylindrical doorstops. No screw hole through the middle.)

A door wedge is slipped between the door and the floor, and wedges the door open so it doesn’t bang shut. You insert and remove the wedge as needed.

A doorstop is attached to the floor or wall behind the door, and stops the door opening too far and damaging the wall. You install a doorstop and leave it there.

(Interestingly, my American English dictionary admits of doorstop meaning a device to keep a door from shutting as well as from opening too far, but defines it as a “fixed or heavy object.”)

Whether you are cloning a wedge, a cylinder or a brick, a “94% accurate doorstop copy” is still a rather modest achievement :-)
