In "RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis" [PDF], a paper by Daniel Genkin and Eran Tromer of Tel Aviv University and Adi Shamir, the authors show that a sensitive microphone (such as the one in a compromised mobile phone) can be used to infer a secret cryptographic key being used by a nearby computer. The computer's processor emits different quiet sounds ("coil whine...caused by voltage regulation circuits") as it performs cryptographic operations, and these sounds, properly analyzed, can reveal the key.
It's a pretty stunning attack, the sort of thing that sounds like science fiction. But the researchers are unimpeachable (Shamir is the "S" in RSA), and their paper is very clear.
The techniques they demonstrated certainly aren't viable for casual attacks. Still, as Wednesday's updates from GnuPG attest, they represent a realistic threat for people who use cryptographic software and devices in certain settings. The researchers outline several countermeasures application developers can implement to prevent computers from leaking the secret keys in acoustic emanations, namely a technique known as RSA ciphertext randomization. People who rely on cryptography applications should check with the developers to make sure they're not susceptible. In the meantime, end users shouldn't assume that running a computer in a noisy environment will prevent attacks from working, since acoustic emanations that leak secret keys can often be filtered.
New attack steals e-mail decryption keys by capturing computer sounds [Dan Goodin/Ars Technica]
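The "RSA ciphertext randomization" countermeasure named in the quote is commonly implemented as blinding: the private-key exponentiation runs on a freshly randomized value rather than on the ciphertext that was supplied. The sketch below is an added example, not code from the paper or from GnuPG; it uses textbook RSA without padding, and the toy key, message and function names are constructed for illustration.

```python
import math
import secrets

# Constructed toy key for the demo (two Mersenne primes); not a real-world key.
P, Q = 2**89 - 1, 2**107 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def decrypt_plain(c):
    """Textbook RSA: the private exponentiation runs directly on c."""
    return pow(c, D, N)


def decrypt_blinded(c, trace=None):
    """RSA decryption with ciphertext randomization (blinding)."""
    # Fresh random r, invertible mod N, chosen for every decryption.
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    # The value fed to the private exponentiation is c * r^E, not c itself.
    blinded = (c * pow(r, E, N)) % N
    if trace is not None:
        trace.append(blinded)  # record what the exponentiation actually saw
    m_times_r = pow(blinded, D, N)  # (c * r^E)^D = m * r (mod N)
    # Remove the blinding factor to recover the plaintext.
    return (m_times_r * pow(r, -1, N)) % N


def demo():
    """Decrypt one constructed ciphertext three times with blinding."""
    m = int.from_bytes(b"constructed message", "big")
    c = pow(m, E, N)
    seen = []
    results = [decrypt_blinded(c, seen) for _ in range(3)]
    return m, c, results, seen


if __name__ == "__main__":
    m, c, results, seen = demo()
    print("plaintext recovered every time:", all(x == m for x in results))
    print("distinct inputs to the private operation:", len(set(seen)))
```

Each decryption of the same ciphertext feeds a different, unpredictable value to the private-key operation, so the computation is no longer tied to the ciphertext that was submitted.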