[sqldba]

I read it a few times and still don't understand how you can get like the 4k of private key data or whatever it is out of a radio signal - and they don't even mention keys they're talking about the algorithm itself.

Totally don't get it in the slightest.

[buu700]

https://en.wikipedia.org/wiki/Timing_attack. (Also, AES-256 keys are only 32 bytes, not 4 KB.)

[JoachimSchipper]

That gives the correct flavour, but note that we use a different side-channel than timing - this is really a hardware attack, so we e.g. pick up 0->1 transitions in the address bus.

[buu700]

Ah, thanks for clarifying that; I'd just assumed it was timing from a quick skim.