I noticed some amazing work published earlier this week by researches from EUROCOM, and to be presented at ACM CCS 2018. They were able to recover encryption keys from an IoT type SoC from noise leaked onto the chip’s Bluetooth radio’s RF output. This would allow, for example, compromise of otherwise encrypted communications from IoT devices remotely and passively. With a high gain antenna the attack could be performed at some distance. They’ve also released the code used to extract the side-channel data. It uses a Software Defined Radio connected to laptop.

The implication from this work is that more attention needs to be paid to noise isolation between digital circuitry and radio interfaces on the same chip.