Screaming Channels: When TEMPEST Meets Side Channels and Wireless Security
TEMPEST attacks are a well-known threat that consists of spying on an electronic device through its unintended physical emissions. Physical emissions are also used by side-channel attacks to break cryptographic implementations. However, while TEMPEST attacks have been demonstrated at large distances (e.g., several meters), side-channel attacks generally work only in the proximity of the target (e.g., mm to 1m) as they rely on very weak signals. In this talk, we will see that mounting side-channel attacks at a large distance is sometimes possible. This happens when the radio signals intentionally emitted by a wireless interface accidentally contain side-channel information about the digital activity of the chip. Indeed, modern connected devices often use a mixed-signal architecture where analog/radio-frequency components lay on the same silicon die as the digital blocks and suffer from their interference.