Breaking RSA Keys by Listening to Your Computer
An anonymous reader writes "Adi Shamir and crew gave a talk on preliminary results in extracting a private RSA key
just by listening to the computer!. Similar to power analysis and LED leakage, this is a non-invasive, side channel attack that may have applications to tamper-resistant systems. It appears to be related to noisy capacitors on the motherboard, an effect which has been observed when CPU power saving is enabled on laptops."
Does anyone know the range of how far you can be away from the computer to hear the sounds? The proof-of-concept website just seemed to be "look, here are pictures of computer operations... in sound! Yay!" without enlightening us on any details.
Twenty years ago at Bell Labs one of the speech machines (an SEL with homebrew audio i/o) had output to loudspeakers that went through unshielded speaker wires that ran past the CPU, so if you weren't playing anything back the speakers played back CPU noise. We could tell what stage a compilation was at by the noise that came over the speakers.
Even at a 96 kHz sampling rate, the maximum frequency that can be sampled is 44 kHz. How could one hope to extract a certain few bits from a recording when the CPU's instruction throughput is many times that? Most of the information that would need to be examined wouldn't make it onto the recording. Correct me if I'm wrong, but it seems Nyquist leaves this idea dead in the water.
If you really want to do some acoustic evesdropping, listen to the keyboard. It's got a much larger signal to begin with (from across the room, instead of having to paste your ear to the computer case.) Since there are always slight mechanical differences between keys on any given keyboard, I would think that the sound spectrum would also be slightly different. Being able to always listen in on the same user would also help, since most people are somewhat consistent regarding which finger they use on which key. (Evesdropping on people who were smart enough to take a touch-typing class in high school is also a big plus.)
Assuming you could discern between the acoustic fingerprint of 100 different keys, then it's just a matter of figuring out which sound goes with which key. It's a simple substitution cypher, which are almost trivial to break.
Sneak your cell phone into your boss's office, set it to silent mode and plug in a headset so that you can set it to auto-answer when a call comes in. Then, while your boss is busy typing dirty notes to his mistress, you call your cell phone, start recording it, and presto, you've got a keylogger without ever having touch his computer or the software on it. Then, at your next performance review, you convince him to give you a hefty raise.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
R = Ron Rivest
S = Adi Shamir
A = Len Adleman