Pita Bread Munchers Could Steal Bitcoins from Public Laptops

[MicroGuy]

Your days of placing PGP encrypted drug orders in public, and paying for those Darknet purchases in Bitcoin, might be numbered. Don’t look now, but there’s a hacker behind you sinking his jaws into a new crypto-robbing pita bread – and he wants your Bitcoin wallet for dessert.

Researchers at Tel Aviv University and Israel’s Technion research institute have developed a palm-sized device that can wirelessly steal data from nearby laptops using the radio waves leaked by the machine’s processor.

Team member Evan Tromer says his group is working to extend the device’s capabilities to include stealing bitcoin keys.

Tromer says the group is also exploring whether the technique could be adapted and made more widely applicable, too, even allowing the theft of bitcoins by stealing the private keys created by users’ “wallet” programs.

The setup, which they’ve called the Portable Instrument for Trace Acquisition (PITA), fits inside an ordinary pita bread. While that may not make for the most common attack scenario, it is compact, works with both white and wheat, and operates untethered. This makes for a lethal weapon that can be easily hidden, especially inside sandwich shops.

Their crusty spy bug, built for less than $300, is designed to allow anyone to “listen” to the accidental radio emanations of a computer’s electronics from 19 inches away and capture the user’s secret decryption keys, enabling attackers to read the user’s encrypted communications.

The researchers have perfected a method for stealing keys from laptops running open source GnuPG within seconds. Their next experiments will involve perfecting a wireless Bitcoin wallet attack.

Original Story: http://altcoinpress.com/2015/06/pita-bread-munchers-could-steal-bitcoins-from-public-laptops/

[1713241462]

1713241462

[1713241462]

1713241462

[1713241462]

1713241462

[1713241462]

1713241462

[OROBTC]

...

MicroGuy

That PITA threat looks like more of a threat to online wallets more than with cold storage hardware devices like Trezor and Ledger Nano. 

If you keep your BTC holdings to a small amount in your hot wallet, then that seems to all that would be at risk.

[Correct me if I am wrong]

[franky1]

not sure if OP is trolling, or found an article wrote by a comedian..

[pooya87]

not sure if OP is trolling, or found an article wrote by a comedian..

it looks like this news is everywhere! http://www.bbc.com/news/technology-33229424

it is not that impressive either, it is not actually that small and does not fit "inside the bread" it is the same size of a bread (see the pictures) it fits in the pocket and it need to be so close to do the stealing.

i'll kick the ass of whoever stands in 50cm distance of my laptop!

i am also skeptical about the way it steals the keys unless i read more about it's technical stuff, and the fact that what exactly on my laptop emits those signals.

[SebastianJu]

Pretty surely it only can steal anything that is worked on in the cpu. So when you send a bitcoin transaction in the sandwich shop and the scammy seller behind the bar has such a device, then he might get the private key for the sending address. Which should only be a problem as long as the address is still filled after that. So if you use change addresses then you are fine.

Unfortunately change addresses are a superb tool to connect all the addresses that belong to a wallet. Destroying anonymity on the way.

[QuestionAuthority]

You could put your laptop in a faraday cage. Or



You could use this cooling mat to block the rf energy and save your twig and two berries from unnecessary radiation.

[poncho32]

not sure if OP is trolling, or found an article wrote by a comedian..

it looks like this news is everywhere! http://www.bbc.com/news/technology-33229424

it is not that impressive either, it is not actually that small and does not fit "inside the bread" it is the same size of a bread (see the pictures) it fits in the pocket and it need to be so close to do the stealing.

i'll kick the ass of whoever stands in 50cm distance of my laptop!

i am also skeptical about the way it steals the keys unless i read more about it's technical stuff, and the fact that what exactly on my laptop emits those signals.

Years ago people could read what was on a computer screen by decoding the RF emissions it gave out. If all they are doing is reading what's visible on a screen then I'm not that impressed,. I'm not aware of any significant RF emissions given out by CPUs but I'm impressed if that's what they are decoding.

[jjacob]

It is nice to see that Bitcoin is deemed important enough by the developers.. so important that they are working on increasing the device's capabilities to steal Bitcoin private keys. This device would be more relevant in actual spying.

[galbros]

I think I'm going to file this under things I'm not going to worry about.  Thanks for the info all the same, it does look like amazing technology.

[scarsbergholden]

I'll just keep my hot wallet coins on my trezor or a carry around amount on my phone, I am not worried about it at all. People who keep all of their coins in a hot wallet on a laptop are crazy anyways.

pita breads hackers could take over your trezor no problem, beware of the pita group taking over bitcoin, lol jking but for real i have seen a few people with their bitcoin wallets open on coffee shops like is all good, is like putting your wallet open in a table just waiting to see whos gonna take a shot at it.

[AGD]

not sure if OP is trolling, or found an article wrote by a comedian..

it looks like this news is everywhere! http://www.bbc.com/news/technology-33229424

it is not that impressive either, it is not actually that small and does not fit "inside the bread" it is the same size of a bread (see the pictures) it fits in the pocket and it need to be so close to do the stealing.

i'll kick the ass of whoever stands in 50cm distance of my laptop!

i am also skeptical about the way it steals the keys unless i read more about it's technical stuff, and the fact that what exactly on my laptop emits those signals.

Years ago people could read what was on a computer screen by decoding the RF emissions it gave out. If all they are doing is reading what's visible on a screen then I'm not that impressed,. I'm not aware of any significant RF emissions given out by CPUs but I'm impressed if that's what they are decoding.

It was this one: http://www.tomsguide.com/us/airhopper-data-radio-waves,news-19865.html
These techniques are used by LE already for years.
Tip: Instead of people wearing that tinfoil on their head, they can now use it to wrap their computer and monitor to be safe.
To be even more secure, you can extend the tinfoil use against possible future attacks:

[Gervais]

Did they really have to put it in a pitta bread? I mean seriously? Regardless, I think there's going to be a real issue with using your bitcoins over public wifi. Even an entry level hacker can get into your computer very easily when you use public wifi.

[tokeweed]

not sure if OP is trolling, or found an article wrote by a comedian..

A little of both.

[S4VV4S]

Did they really have to put it in a pitta bread? I mean seriously? Regardless, I think there's going to be a real issue with using your bitcoins over public wifi. Even an entry level hacker can get into your computer very easily when you use public wifi.

I don't think they put it in a pitta bread.
They just said it fits in a pitta bread

[gmaxwell]

Bitcoin Core uses signing which is constant time, constant memory access, and hardened in several other ways against side-channel private key leaks-- and specifically designed to resist these attacks. Actually being leak free also depends on the hardware, but at least in Bitcoin Core the software side of it is much more robust than the kinds of systems they were attacking here.

[Yeah?]

Seems like fud. No doubt we'll get a load of trolls panicking about this now.

[Gervais]

Did they really have to put it in a pitta bread? I mean seriously? Regardless, I think there's going to be a real issue with using your bitcoins over public wifi. Even an entry level hacker can get into your computer very easily when you use public wifi.

I don't think they put it in a pitta bread.
They just said it fits in a pitta bread

I think they could have used something better as an example or to compare it to. Nobody measures the sizes of things in pittas.

[SebastianJu]

Bitcoin Core uses signing which is constant time, constant memory access, and hardened in several other ways against side-channel private key leaks-- and specifically designed to resist these attacks. Actually being leak free also depends on the hardware, but at least in Bitcoin Core the software side of it is much more robust than the kinds of systems they were attacking here.

A core developer saying that should lay worries to rest. Though even though you say bitcoin is more secure against such potential attacks i wonder if one shouldnt be worried because they claim they perfected stealing pgp-keys. pgp should be really secure too, because of their use cases.

Ok, ill believe you on that anyway. Only wondering why PGP is vulnerable. Its a security software. And they sound pretty confident to being able hack private keys. Why would they when they dont see a chance or tested, before they release it to the press, that they work on it?

Maybe they mentioning bitcoin private keys is only a help for spreading the news. 

[S4VV4S]

Did they really have to put it in a pitta bread? I mean seriously? Regardless, I think there's going to be a real issue with using your bitcoins over public wifi. Even an entry level hacker can get into your computer very easily when you use public wifi.

I don't think they put it in a pitta bread.
They just said it fits in a pitta bread

I think they could have used something better as an example or to compare it to. Nobody measures the sizes of things in pittas.

That's the machine?
It's still not IN the pitta though

Yeah, they could have used a better comparison.

[gmaxwell]

A core developer saying that should lay worries to rest. Though even though you say bitcoin is more secure against such potential attacks i wonder if one shouldnt be worried because they claim they perfected stealing pgp-keys. pgp should be really secure too, because of their use cases.
Ok, ill believe you on that anyway. Only wondering why PGP is vulnerable. Its a security software. And they sound pretty confident to being able hack private keys. Why would they when they dont see a chance or tested, before they release it to the press, that they work on it?
Maybe they mentioning bitcoin private keys is only a help for spreading the news. 

Read the actual report, in particular http://www.tau.ac.il/~tromer/radioexp/  Q11 and Q8.