Passwords can be stolen just by monitoring unintentional electromagnetic emanations from a computer’s power management unit (PMU). Georgia Tech researchers discovered this new side-channel attack, which can be used to extract sensitive data even if the attacker is 10 feet away or separated by a wall.
“In the past five years, researchers are showing a lot of different vulnerabilities in hardware,” School of Computer Science Ph.D. student Nader Sehatbakhsh said. “Power management units are just one of many different hardware components that can leak secrets.”
The Power Problem
While computer power used to be a simple on-off switch, new PMUs operate in up to 10 different states to preserve energy. Researchers found that each state emits a different electromagnetic signal that creates spikes in the frequency-domain spectrum, and as the activity increases, so do the signal and the spikes.
Typing characters creates periods of high-state activity in which the distance between state spikes can show the location of keys on a keyboard. With the right monitoring, an attacker can determine the number of characters or how many words are in a password, or even find the exact characters.
This type of monitoring is called a side-channel attack, in which an attacker can extract sensitive data from physical signals produced by electronic activity within the device. Sound, temperature, power, and electromagnetic waves are common signals.
PMU side-channel attacks can also be exploited to create a fast and stealthy covert communication channel. For example, a rogue employee could extract data from a company’s secured computer, breaking existing security.
Stopping the Side-channel
Side-channel vulnerabilities are becoming more pervasive because security is not the first priority for hardware designers, according to Sehatbakhsh. Their primary goals are to create something fast and cost-effective, and security often slows down the process and makes it more expensive. Yet with more research like this, things could change, Sehatbakhsh said.
“Now people are demanding extra security, so hopefully ignoring these vulnerabilities won’t be an option in the future.”
At this point in their work, the researchers are mostly exposing the problem, but there are potential solutions, Sehatbakhsh suggested. Adding randomness to the PMU would desynchronize power states from the data they provide; however, this solution might consume too much power for developers to implement.
Sehatbakhsh will present the research at the 26th International Symposium on High-Performance Computer Architecture in San Diego from Feb. 22 to 26. He co-wrote the paper with School of Electrical and Computer Engineering (ECE) Ph.D. student Baki Berkay Yilmaz, ECE Associate Professor Alenka Zajic, and SCS Professor Milos Prvulovic.