Code-busters lift RSA keys simply by listening to the noises a computer makes

Don't put your mobe down by your machine. In fact just chuck it in the river

Computer scientists have shown how it might be possible to capture RSA decryption keys using the sounds emitted by a computer while it runs decryption routines.

The clever acoustic attack was developed by Adi Shamir (the "S" in RSA) of the Weizmann Institute of Science along with research colleagues Daniel Genkin and Eran Tromer and represents the practical fulfillment of an idea first hatched nearly 10 years ago. Back in 2004 Shamir and his colleagues realised that the high-pitched noises emitted by computers could leak sensitive information about cryptographic computations.

At the time they established that different RSA keys induce different sound patterns, but they weren't able to come up with anything practical. Fast forward 10 years and the researchers have come up with a practical attack using everyday items of electronics, such as mobile phones, to carry out the necessary eavesdropping. The attack rests on the sounds generated by a computer during the decryption of ciphertexts selected by an attacker, as the paper "RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis" explains:

We describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed four meters away.

Put simply, the attack relies on using a mobile phone or other microphone to recover, bit by bit, RSA private keys. The process involves bombarding a particular email client with thousands of carefully-crafted encrypted messages, on a system configured to open these messages automatically. The private key to be broken can't be password protected because that would mean a human would need to intervene to open every message.

There are other limitations too, including reliance on the GnuPG 1.4.x RSA encryption software. And because the whole process is an adaptive chosen-ciphertext attack, a potential attacker needs a live listening device to provide continuous acoustic feedback in order to work out what the next encrypted message needs to be. The attack requires an evolving conversation of sorts rather than the delivery of a fixed (albeit complex) script.

Mitigating the complex attack simply requires switching from the vulnerable GnuPG 1.4.x to the more modern GnuPG 2.x, which ought to plug the problem at least until more powerful attacks come along.

"The Version 2 branch of GnuPG has already been made resilient against forced-decryption attacks by what is known as RSA blinding," explains security industry veteran Paul Ducklin in a post on Sophos' Naked Security blog.

Even aside from this, all sorts of things are likely to go wrong with the potential attack, including the presence of background noise and the possibility that an intended target happens to have his or her mobile phone in their pocket or bag while reading encrypted emails on a nearby system.
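The RSA blinding named in the Ducklin quote above, sketched as an added example (this is not GnuPG's code and not part of the original article). The toy key, the function names and the unpadded textbook RSA are assumptions made for illustration; the point is that with blinding the number fed to the private-key exponentiation is randomised on every call, so a sender who picks the ciphertext no longer picks what the CPU computes on.

```python
import math
import secrets

# Constructed toy key built from two Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def decrypt_unblinded(c):
    """Textbook RSA: the value exponentiated is exactly what the sender chose."""
    base = c % N
    return pow(base, D, N), base


def decrypt_blinded(c):
    """RSA with blinding: exponentiate c * r^e for a fresh secret random r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:        # r must be invertible modulo N
            break
    base = (c * pow(r, E, N)) % N      # blinded value, unpredictable to the sender
    m_times_r = pow(base, D, N)        # (c * r^e)^d = m * r (mod N)
    m = (m_times_r * pow(r, -1, N)) % N  # strip the blinding factor
    return m, base


if __name__ == "__main__":
    message = 0x5EC2E7                 # constructed sample plaintext
    c = pow(message, E, N)
    for name, fn in (("unblinded", decrypt_unblinded), ("blinded", decrypt_blinded)):
        first, second = fn(c), fn(c)
        print(name, "plaintext ok:", first[0] == message,
              "| same base on both runs:", first[1] == second[1])
```

Both functions return the value that was actually exponentiated alongside the plaintext, so the difference is visible: the unblinded base repeats for a repeated ciphertext, the blinded one does not.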

Key recovery might also be possible by other types of side channel attacks, the crypto boffins go on to explain. For example, changes in the electrical potential of the laptop's chassis - which can be measured at a distance if any shielded cables (e.g. USB, VGA, HDMI) are plugged in because the shield is connected to the chassis - can provide a source for analysis at least as reliable as emitted sounds. ®
