Using spellcheck? Electromagnetic fields could reveal your writing

Georgia Tech is studying better software and hardware designs to prevent electronic snooping

Georgia Tech researchers Alenka Zajic and Milos Prvulovic use an AM/FM radio to pick up side-channel signals from a cell phone, which could be used to learn what computations are being done by the device.

Georgia Tech researchers Alenka Zajic and Milos Prvulovic use an AM/FM radio to pick up side-channel signals from a cell phone, which could be used to learn what computations are being done by the device.

It has long been known that subtle electronic fields and noises emitted by computers can reveal clues about your activity, a powerful spying method that can be done from a few feet away.

These so-called "side-channel signals" can be collected by antennas or microphones and through analysis could reveal sensitive data such as encryption keys.

It's not known if spy agencies are already using these methods, but the many academic studies outlining potential attacks would suggest it's probably a growing part of signals intelligence.

Researchers from the Georgia Institute of Technology have embarked on a three-year project to figure out how these electronic signal leaks could be prevented by redesigning hardware and software.

Milos Prvulovic, an associate professor with Georgia Tech's School of Computer Science, said his team has been looking for potential vulnerabilities in applications or hardware designs that might make such signals collection easier.

"I don't want to demonstrate an attack in order to be able to defend against it," Prvulovic said in a phone interview Thursday. "Then, the defenders are always playing catch up with the attackers."

Much effort has gone into trying to stop side-channel attacks from being successful against specific pieces of code, such as a cryptographic kernel.

But much less work has been done in leakage at a broader architectural level, such as what features are the strongest leakers, they write in their research paper.

To look into this, the researchers developed a new metric called "Signal Available to Attacker" (SAVAT), which measures the side-channel signal generated by a single instruction difference when a program is executing.

SAVAT quantifies the side channel signal's dependence on instruction-level differences. The metric allows programmers to modify their code to prevent such high differences from being detected, especially when processes are underway that deal with sensitive information.

They looked at the electronic emanations from three Windows XP laptops running 11 different instructions, as well as some mobile devices.

As expected, some signals were stronger than others depending on what components were involved. Two instructions executed on-chip tend to be quieter than a signal generated by an on-chip instruction that uses off-chip memory, according to their research paper.

Collecting those signal differences can reveal what an application is doing and could be used, for example, to obtain cryptographic keys without trying to break the encrypted content in other ways, Prvulovic said.

Over the years, people have become very good at collecting signals and matching that to a person's activity. During their work, Prvulovic and his colleagues discovered an interesting peculiarity about spellcheckers, which isn't mentioned in their paper.

There's not a lot of signal that comes from a computer running a word processing program that has spellcheck turned off, Prvulovic said. It's relatively difficult for an attacker to tell what key is pressed.

But turn spellcheck on, and things get really noisy. The signals can be picked up by an AM radio, Prvulovic said. In fact, the processing is so loud, it's audible: a person can hear it.

Each keystroke causes the spellchecker to look up the word in a dictionary to try to catch a mistake and flag it.

"It turns out that spellchecking is orders of magnitude more activity than you would normally get for just a simple key press," he said. "Modern software does a lot of stuff that is convenient but horribly computationally intensive. That creates differences that can be picked up."

Send news tips and comments to Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.

Tags Georgia Institute of Technologysecurity

More about Georgia Institute of TechnologyModernTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place