Contributed by Hassan Salmani; University of Connecticut


Modulating an (unused) pin on a chip generates an RF signal. This signal can be used to transmit the key bits. This attack is performed at 1560KHz and can be received with an ordinary AM radio. The data carried by the AM signal needs to be easily interpreted by a human. A beep scheme is utilized where a single beep followed by a pause represents a ‘0’ and a double beep followed by a pause represents a ‘1’. A description on detail implementation of AM transmission can be found at [1]. In this implementation, the Trojan gets activated when a predefined input plaintext is observed.