Fork me on GitHub

Screaming Channels

When Electromagnetic Side Channels Meet Radio Transceivers


Screaming Channels is a project that investigates long-distance side-channel attacks on radio signals emitted by mixed-signal chips. Up to now, our best result is a full key recovery from 10 m (Bluetooth dongle, TinyAES 128, anechoic room). We make our setup and code public so that others can reproduce and improve our results.

In a nutshell, Screaming Channels is based on these remarks:

  • Mixed-signal circuits are popular (cheap integrated solution for radio communication)
  • The digital part (noisy) is close to the analog/RF part (noise sensitive)
  • Propagation (e.g., substrate / power supply coupling to the Frequency Synthesizer / Power Amplifier)
  • Sensitive information regarding the digital activity flows to the radio where it is picked up and transmitted
  • Side-channel attacks possible at a considerable distance


Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
Giovanni Camurati, Sebastian Poeplau, Marius Muench, Tom Hayes, Aurélien Francillon
To appear at the 25th ACM conference on Computer and communications security (CCS), Toronto, Canada
PDF Bibtex Black Hat USA 2018 talk Black Hat USA 2018 Slides ACM CCS 2018 talk


In order to make our results fully reproducible, we have made our setup and code (as well as some traces) public. You can find this and a detailed README guide on git.


Full key recovery now working from 10 m in an anechoic room (Bluetooth dongle, TinyAES 128).
Giovanni Camurati and Marius Muench presented the Screaming Channels project at Black Hat USA 2018, on August 9 afternoon in Las Vegas (USA).
Giovanni Camurati presented Screaming Channels at ACM CCS 2018.
Sebastian Poeplau presented Screaming Channels at CSAW 2018 and won the 3rd place at CSAW Europe 2018 Applied Research Competition.
Marius Muench presented Screaming Channels at GreHack 2018.
Giovanni Camurati presented Screaming Channels at RESSI 2019
Giovanni Camurati presented Screaming Channels at Journée thématique « Sécurité des systèmes électroniques et communicants » 21 mai 2019, Paris – Jussieu


Screaming Channels?

Compared to conventional Side Channels, the Screaming Channels leak is strong and broadcast over a potentially long distance by the radio. Hence the attribute Screaming, in contrast with the Whisper of conventional channels.


Screaming Channels has been developed at EURECOM by Giovanni Camurati, Sebastian Poeplau, Marius Muench, Tom Hayes and Aurélien Francillon.


Feel free to contact for any question.


The authors acknowledge the support of SeCiF project within the French-German Academy for the Industry of the future as well as the support by the DAPCODS/IOTics ANR 2016 project (ANR-16-CE25-0015). We would like to thank the FIT R2lab team from Inria, Sophia Antipolis, for their help in using the R2lab testbed.