Feeds

Code-busters lift RSA keys simply by listening to the noises a computer makes

Don't put your mobe down by your machine. In fact just chuck it in the river

The Essential Guide to IT Transformation

Computer scientists have shown how it might be possible to capture RSA decryption keys using the sounds emitted by a computer while it runs decryption routines.

The clever acoustic attack was developed by Adi Shamir (the "S" in RSA) of the Weizmann Institute of Science along with research colleagues Daniel Genkin and Eran Tromer and represents the practical fulfillment of an idea first hatched nearly 10 years ago. Back in 2004 Shamir and his colleagues realised that the high-pitched noises emitted by computers could leak sensitive information about cryptographic computations.

At the time they established that different RSA keys induce different sound patterns but they weren't able to come up with anything practical. Fast forward 10 years and the researchers have come up with a practical attack using everyday items of electronics, such as mobile phones, to carry out the necessary eavesdropping. The attack rests on the sounds generated by a computer during the decryption of ciphertexts selected by an attacker, as a paper RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis explains.

We describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed four meters away.

Put simply, the attack relies on using a mobile phone or other microphone to recover, bit by bit, RSA private keys. The process involves bombarding a particular email client with thousands of carefully-crafted encrypted messages, on a system configured to open these messages automatically. The private key to be broken can't be password protected because that would mean a human would need to intervene to open every message.

There are other limitations too, including use of the GnuPG 1.4.x RSA encryption software. And because the whole process is an adaptive ciphertext attack a potential attacker needs a live listening device to provide continuous acoustic feedback in order to work out what the next encrypted message needs to be. The attack requires an evolving conversation of sorts rather than the delivery of a fixed (albeit complex) script.

Mitigating against the complex attack requires simply using the more modern GnuPG 2.x instead of the vulnerable GnuPG 1.4.x encryption scheme, which ought to plug up the problem at least until more powerful attacks comes along.

"The Version 2 branch of GnuPG has already been made resilient against forced-decryption attacks by what is known as RSA blinding," explains security industry veteran Paul Ducklin in a post on Sophos' Naked Security blog.

Even aside from this all sort of things are likely to go wrong with the potential attack including the presence of background noise and the possibility that an intended target happens to have his or her mobile phone in their pocket or bag while reading encrypted emails on a nearby system.

Key recovery might also be possible by other types of side channel attacks, the crypto boffins go on to explain. For example, changes in the electrical potential of the laptop's chassis - which can be measured at a distance if any shielded cables (e.g. USB, VGA, HDMI) are plugged in because the shield is connected to the chassis - can provide a source for analysis at least as reliable as emitted sounds. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.