Acoustic cryptanalysis

web_classroomThis is not neuroscience, but still quite baffling. Did you know your CPU is possibly emitting sounds (at 10KhZ+) that reveal not only activity, but also which type of computations are performed? As has been demonstrated by Genkin et al., in the worst case, this can be used to actually snoop a RSA secret key from a computer decrypting texts with this key.

The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.

Check the authors’ page&paper: http://tau.ac.il/~tromer/acoustic/

This particular attack was tailored to GnuPG, which has been patched concurrently with the release of this paper to prevent these attacks in the future.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *