Screaming Channels is a project that investigates long-distance side-channel attacks on radio signals emitted by mixed-signal chips. Up to now, our best result is a full key recovery from 10 m (Bluetooth dongle, TinyAES 128, anechoic room). We make our setup and code public so that others can reproduce and improve our results.
In a nutshell, Screaming Channels is based on these remarks:Screaming Channels: When Electromagnetic Side Channels Meet Radio TransceiversTo appear at the 25th ACM conference on Computer and communications security (CCS), Toronto, Canada
Full key recovery now working from 10 m in an anechoic room (Bluetooth dongle, TinyAES 128).
Giovanni Camurati and Marius Muench presented the Screaming Channels project at Black Hat USA 2018, on August 9 afternoon in Las Vegas (USA).
Giovanni Camurati presented Screaming Channels at ACM CCS 2018.
Sebastian Poeplau presented Screaming Channels at CSAW 2018 and won the 3rd place at CSAW Europe 2018 Applied Research Competition.
Marius Muench presented Screaming Channels at GreHack 2018.
LE MONDE, 25.07.2018, Les très indiscrètes puces des objets connectés
The Register, 27.07.2018, Boffins: Mixed-signal silicon can SCREAM your secrets to all
HACKADAY, 27.07.2018, Screaming Channels Attack RF Security
HACKADAY, 30.07.2018, Screaming Channels Attacks Against Mixed Signal Microcontrollers
SECURITY INFO, 31.07.2018, Attacco Screaming Channels: i dati si leggono anche a 10 metri
threatpost, 08.08.2018, Black Hat 2018: Mixed Signal Microcontrollers Open to Side-Channel Attacks
Compared to conventional Side Channels, the Screaming Channels leak is strong and broadcast over a potentially long distance by the radio. Hence the attribute Screaming, in contrast with the Whisper of conventional channels.
Screaming Channels has been developed at EURECOM by
Giovanni Camurati,
Sebastian Poeplau,
Marius Muench,
Tom Hayes and
Aurélien Francillon.