In RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis [PDF], a paper by Daniel Genkin and Eran Tromer of Tel Aviv University and Adi Shamir, the authors show that a sensitive microphone (such as the one in a compromised mobile phone) can be used to infer a secret cryptographic key being used by a nearby computer. The computer's processor emits different quiet sounds ("coil whine...caused by voltage regulation circuits") as it performs cryptographic operations, and these sounds, properly analyzed, can reveal the key.
It's a pretty stunning attack, the sort of thing that sounds like science fiction. But the researchers are unimpeachable (Shamir is the "S" in RSA), and their paper is very clear.
The techniques they demonstrated certainly aren't viable for casual attacks. Still, as Wednesday's updates from GnuPG attest, they represent a realistic threat for people who use cryptographic software and devices in certain settings. The researchers outline several countermeasures application developers can implement to prevent computers from leaking the secret keys in acoustic emanations, namely a technique known as RSA ciphertext randomization. People who rely on cryptography applications should check with the developers to make sure they're not susceptible. In the meantime, end users shouldn't assume that running a computer in a noisy environment will prevent attacks from working, since acoustic emanations that leak secret keys can often be filtered.
New attack steals e-mail decryption keys by capturing computer sounds [Dan Goodin/Ars Technica]
40 years ago, antitrust law put strict limits on mergers and acquisitions, but since the Reagan era, these firewalls have been dismantled, and now the biggest companies grow primarily by snapping up nascent competitors and merging with rivals; Google is a poster-child for this, having only ever created two successful products in-house (search and Gmail), […]
Matt Carthy is a Sinn Fein MEP from Eire; he's standing for re-election in the upcoming EU elections and has had fliers prepared with his headshot.
I'm coming to Halifax to give the closing keynote on day one of Atlseccon on April 24th: it's only my second-ever visit to the city and the first time I've given a talk there, so I really hope you can make it!
For musicians, clubgoers or anyone in the thick of a loud environment, earplugs aren’t just an option. If you plan on keeping your hearing through sustained exposure to levels over 85 decibels (roughly the sound of a blender), they’re a must. The good news is, most earplugs will muffle the sound. The bad news is, […]
Seasoned chefs have a bit of a love-hate relationship with their cutlery. A really good set of knives has to prove its worth by being put through the wringer – and if they’re really good, they’ll still look great afterward. So it is with the Damasukasu Japanese 3-Piece Master Chef Hanshu Knife Set. Sitting in […]
With the intuitive software out there today, anyone can become a music producer. You’ve probably heard that from any number of laptop impresarios, but you still have to know how to use the tools – and Logic Pro X is one of the best platforms out there right now. In order to get the most […]