The Pita Ploy: Hackers Steal Sensitive Information Using Pita Bread-Sized Device
However cool it may feel to sip your latte and write your business proposal from a café, this urban luxury may be no luxury at all. According to new research from Tel Aviv University, the person next to you nibbling on pita bread could be gaining access to sensitive encrypted information on your laptop computer, including passwords, credit card numbers and more.
Israeli researcher Dan Genkin and his team recently demonstrated that cheap and accessible radio equipment, the size of pita bread, can be used to read electromagnetic pulses off of your keyboard as you type. The team discovered that the pulses, given off by a computer’s central processing unit as it deals with information, have characteristic patterns of radio activity that could be used by hackers to decrypt your private information.
A portable hacking device, inside a pita
In their research paper, Genkin and his team present the equipment needed, almost all of which is available for purchase at standard electronics stores, the assembly process and even the instructions of how to fit their PITA system into pita bread. While you may be thinking ‘pita bread is pretty random’, the researchers got the idea to put their decryption system into a piece of pita bread after coming up with the name for the system, Portable Instrument for Trace Acquisition (PITA). ‘Portable’ is really the key word here, because the system can detect most computers’ electromagnetic pulses remotely, while the hacker is in motion.
PITA is able to pick up on keys used in a number of encryption programs and algorithms to protect data. This gives hackers the ability to access passwords, encoded documents, bank account numbers and other sensitive information without having to wait for the user to punch in the keys.
There are limitations to the system, which is a good thing. Made evident in the team’s trials was the fact that hackers can only access information on a laptop computer situated 50 centimeters away, about 1 ft. 8 in. That means that the hacker would likely have to be in the same room as the computer, and sitting very close to it. In addition, the tests were conducted on PC computers, and not Macs, with little protection or grounded metal screens that contain radiation.
It’s also important to note that a hacker couldn’t just sit down, or walk buy your computer and generate the encryption codes in a matter of seconds. The encryption codes must be triggered with a trick email or message from the hacker, whereby they are able to detect the electromagnetic waves, albeit in a matter of seconds. So if you’re smart enough not to open an email from a strange address, or to inspect your neighbor’s pita bread, this eerie pita ploy may not have an effect on you.
Photo: Tel Aviv University/ Jay