The drive for ever smaller and cheaper components in microelectronics has popularized so-called "mixed-signal circuits," in which analog and digital circuitry are residing on the same silicon die. A typical example is WiFi chips which include a microcontroller (digital logic) where crypto and protocols are implemented together with the radio transceiver (analog logic). The special challenge of such designs is to separate the "noisy" digital circuits from the sensitive analog side of the system.
In this talk, we show that although isolation of digital and analog components is sufficient for those chips to work, it's often insufficient for them to be used securely. This leads to novel side-channel attacks that can break cryptography implemented in mixed-design chips over potentially large distances. This is crucial as the encryption of wireless communications is essential to widely used wireless technologies, such as WiFi or Bluetooth, in which mixed-design circuits are prevalent on consumer devices.
The key observation is that in mixed-design radio chips the processor's activity leaks into the analog portion of the chip, where it is amplified, up-converted and broadcast as part of the regular radio output. While this is similar to electromagnetic (EM) side-channel attacks which can be mounted only in close proximity (millimeters, and in a few cases a few meters), we show that it is possible to recover the original leaked signal over large distances on the radio. As a result, variations of known side-channel analysis techniques can be applied, effectively allowing us to retrieve the encryption key by just listening on the air with a software defined radio (SDR).