In RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis [PDF], a paper by Daniel Genkin and Eran Tromer of Tel Aviv University and Adi Shamir, the authors show that a sensitive microphone (such as the one in a compromised mobile phone) can be used to infer a secret cryptographic key being used by a nearby computer. The computer's processor emits different quiet sounds ("coil whine...caused by voltage regulation circuits") as it performs cryptographic operations, and these sounds, properly analyzed, can reveal the key.
It's a pretty stunning attack, the sort of thing that sounds like science fiction. But the researchers are unimpeachable (Shamir is the "S" in RSA), and their paper is very clear.
The techniques they demonstrated certainly aren't viable for casual attacks. Still, as Wednesday's updates from GnuPG attest, they represent a realistic threat for people who use cryptographic software and devices in certain settings. The researchers outline several countermeasures application developers can implement to prevent computers from leaking the secret keys in acoustic emanations, namely a technique known as RSA ciphertext randomization. People who rely on cryptography applications should check with the developers to make sure they're not susceptible. In the meantime, end users shouldn't assume that running a computer in a noisy environment will prevent attacks from working, since acoustic emanations that leak secret keys can often be filtered.
New attack steals e-mail decryption keys by capturing computer sounds [Dan Goodin/Ars Technica]
Random number generators are the foundation of cryptography — that’s why the NSA secretly sabotaged the RNG standard that the National Institute for Standards and Technology developed.
When a computer stops behaving, the solution often involves looking up an obscure command and pasting it into the terminal — even experienced administrators and programmers aren’t immune to this, because remembering the exact syntax for commands you use once every couple years is a choresome task.
Phil Mocek filed a public records request to find out how Seattle’s new smart meters — supplied by Landis and Gyr — will work. As Mocek writes, these meters are based on “unspecified and unverifiable sensors that monitor activity inside of private property and can communicate collected information in real-time to unspecified machines in remote […]
Jared Sinclair developed the RSS reader app Unread, which made $10,000 in its first 24 hours on the iOS market. And we’ve all heard the story of Flappy Bird developer Dong Nguyen, whose creation was reportedly earning $50,000 a day at the height of its 2013 explosion. While those are rare examples, they’re also testament to the […]
If you or your company’s IT system are besieged by black hat cyber attacks, an ethical hacker might be all that stands between crippling damage and a company’s long-term prosperity. It’s no wonder that the market for IT security specialists is exploding. Certification is the key – so learn the tenets of ethical hacking and get […]
Your laptop and mobile devices are top of the line…so why are you trotting out that raggedy decades-old suitcase when you go somewhere? Time to up your travel game with a complete 5-piece Herschel Travel Luggage bundle…and we’ll even give it to you for free!Of course, you’ve got to win the Ultimate Herschel Travel Bundle […]