FYI.

This story is over 5 years old.

This Pita Bread Can Hack Your Computer

Researchers at Tel Aviv University have found a way to steal data from laptops using a gadget that fits inside a pita bread. This may be the last time you order the hummus dipping platter.
Phoebe Hurst
London, GB
June 23, 2015, 12:51pm

We used to be worried about our wallets being swiped on public transport or fraudsters sifting through our wheelie bins for old bank statements, but in The Age of the Internet, all that important stuff—credit card details, identity numbers, incriminating selfies—is on our laptops.

Impossible to tangibly bolt down, recent new stories of a cyber "war" between the US and China would have us believe our data is under constant threat from faceless hackers. Even the hallowed domain of pizza delivery isn't safe. Last year 600,000 Domino's customers in Belgium and France had their personal data held at ransom.

Advertisement

But hey, at least we can seek solace in actual food. Pepperoni slices won't leak our bank details. Croissants aren't going to be subject to a North Korean cyber attack.

READ MORE: If You're Going to Hack Domino's, Don't Do This

Well, that was until a group of scientists decided to bring baked goods into this whole sorry mess. New research from Tel Aviv University has established a way to steal data from laptops using a gadget that fits inside a pita bread.

Dubbed the "Portable Instrument for Trace Acquisition" (or PITA, geddit?), the device monitors the radio signals given off by a laptop's central processing unit.

Researchers at the university's School of Computer Science found that each operation of a computer (playing a game, decrypting a file, pretending to work on that overdue spreadsheet) has its own characteristic pattern of radio activity.

By monitoring these patterns of electromagnetic radiation, the team were able to tell when a laptop was decrypting specific emails and work out the password used to secure this data. With PITA, would-be hackers could grab passwords for a number of widely used encryption programs within "a few seconds."

An annotated image of the researchers

An annotated image of the researchers "PITA" device. Photo courtesy Tel Aviv University.

"It's an interesting use of existing technology in a cheap and rough-and-ready way to extract data leaking from a machine, based on electromagnetic radiation from the CPU," explains Dr. Tim Stevens, teaching fellow at King's College London and author of the forthcoming Cyber Security and the Politics of Time. "I had no idea it was actually even possible."

Advertisement

Apart from bossing the catchy acronym game, the researchers chose pita bread as a cover for their device to ensure it was "compact" and could "operate untethered," as well as being "easily concealed." PITA works from a distance of around 50 centimetres (approximately double the amount of elbow room you have during your average Saturday brunch service).

"It's great from 50 centimetres but presumably, this presently doesn't scale very well. It's all very well to drop it down on the table next to someone in Starbucks but they're going to need to bump up the power of this thing for it to be of any use," says Stevens. "The further way you get, the more interference you're going to get from other devices."

While other experts have also questioned the device's reach (Steve Armstrong of IT security company Logically Secure told The Register he would only be impressed if they could manage it "at ten metres in a different room"), PITA is far smaller than other gadgets of its kind and relatively cheap to make.

Stevens also notes that however sophisticated hackers may become, it is often physical infiltrations—like a casual pita drop—that play the crucial role in a cyber attacks.

READ MORE: Restaurant Patrons Are Worried About Being Spied On Through iPads

"The easiest way to get into someone's system is to get someone to take a USB stick or dongle physically into a building or installation and get them to insert it into a device, at which point the code enters the system," he explains. "That final yard, as it were, sometimes has to be breached in a very human, traditional fashion. This [PITA] is all part and parcel of this kind of interaction between the physical and the informational."

Forget about the bots and black hats, it's the loaf of rye bread we need to be worried about.