Slashdot Mirror


RSA Keys Can Be Harvested With Microphones (theregister.co.uk)

Researchers have now demonstrated that even with modern laptop, desktop, and server computers, an inexpensive attack can harvest 4,096-bit encryption keys using a parabolic microphone within 33 feet -- or even from 12 inches away, using a cellphone microphone. An anonymous reader quotes this article from The Register: In both cases it took an hour of listening to get the 4,096-bit RSA key... As a computer's processor churns through the encryption calculations, the machine emits a high-frequency "coil whine" from the changing electrical current flowing through its components... The team recommends encryption software writers build in "blinding" routines that insert dummy calculations into cryptographic operations. After discussions with the team, GNU Privacy Guard now does this.
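Base blinding as it is usually described for RSA, as an added example (not from the article, the researchers, or GnuPG's code): the ciphertext is multiplied by r^e for a fresh random r before the private-key exponentiation, so the values the CPU works on differ on every run while the decrypted result is unchanged. The toy primes, key and function names are constructed for illustration.

```python
import math
import secrets

# Constructed toy key (NOT a real key): two Mersenne primes keep it small
# enough to read while still behaving like RSA.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def modexp_trace(base, exponent, modulus):
    """Left-to-right square-and-multiply.

    Returns (result, trace) where trace holds the accumulator after each
    exponent bit. The trace stands in for the data-dependent activity that a
    physical side channel observes.
    """
    acc = 1
    trace = []
    for bit in bin(exponent)[2:]:
        acc = (acc * acc) % modulus
        if bit == "1":
            acc = (acc * base) % modulus
        trace.append(acc)
    return acc, trace


def decrypt_plain(ciphertext):
    """Unblinded private-key operation: same input gives the same trace."""
    return modexp_trace(ciphertext % N, D, N)


def decrypt_blinded(ciphertext):
    """Private-key operation with base blinding.

    (c * r^e)^d = c^d * r (mod N), so multiplying by r^-1 afterwards yields
    c^d. The exponentiation itself only ever sees the randomized value.
    """
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:  # r must be invertible mod N
            break
    blinded = (ciphertext * pow(r, E, N)) % N
    m_blinded, trace = modexp_trace(blinded, D, N)
    message = (m_blinded * pow(r, -1, N)) % N
    return message, trace


def compare_runs(ciphertext):
    """Decrypt the same ciphertext twice each way and compare the traces."""
    m1, t1 = decrypt_plain(ciphertext)
    m2, t2 = decrypt_plain(ciphertext)
    b1, u1 = decrypt_blinded(ciphertext)
    b2, u2 = decrypt_blinded(ciphertext)
    return {
        "results_agree": m1 == m2 == b1 == b2,
        "plain_traces_identical": t1 == t2,
        "blinded_traces_identical": u1 == u2,
        "plaintext": m1,
    }


if __name__ == "__main__":
    sample_message = 123456789            # constructed sample plaintext
    sample_ciphertext = pow(sample_message, E, N)
    for key, value in compare_runs(sample_ciphertext).items():
        print(f"{key}: {value}")
```

Blinding randomizes the operand values only; the square-and-multiply loop above still branches on each exponent bit, so it is not a constant-time implementation.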

157 comments

  1. I'm safe! by Anonymous Coward · · Score: 1, Funny

    Even if they have my RSA keys, they don't have my RSA locks!

    1. Re:I'm safe! by jmccue · · Score: 4, Funny

      Glad I stuck to my guns and stayed with rot13

    2. Re:I'm safe! by Anonymous Coward · · Score: 0

      I insist on the Cone of Silence!

    3. Re: I'm safe! by Anonymous Coward · · Score: 0

      Sure... "Why don't we just stop hackers" we can stop the hackers like we stopped the bootleggers and the pot dealers and the mp3 leeches and the..

      Maybe if we just declare "war" on them they will go away

      Whatever the case, using actual techniques to protect ourselves, well THAT is just crazy talk ~snark

    4. Re:I'm safe! by Anonymous Coward · · Score: 0

      No, that's much too easy to solve. You need go to for HIGH security -- DOUBLE rot-13 is twice as secure!

  2. Get a stronger PSU by Anonymous Coward · · Score: 0

    Then you won't likely get coil whine as much.

    Must be harder to acquire on laptops since they can also use battery as a power source :)

    1. Re:Get a stronger PSU by Anonymous Coward · · Score: 1

      33 feet which is 10 meters, easy to spot, hardly "low key" (ehm) eves dropping.

      I would imagine the eves dropper would get a bloody nose before getting to the door. All this fancy tech can be beaten by a low tech method. A blow to the face. The same low tech method can also obtain passwords from victims.

    2. Re:Get a stronger PSU by KiloByte · · Score: 1

      Just look at the open source, and then adapt your eves dropping to accommodate. This is where closed source prevails. No leaking implementation details.

      Some of us know how to RTFB.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    3. Re:Get a stronger PSU by geekmux · · Score: 5, Insightful

      33 feet which is 10 meters, easy to spot, hardly "low key" (ehm) eves dropping. I would imagine the eves dropper would get a bloody nose before getting to the door...

      I'll remember you said that when you discover that "innocent" cell phone charger sitting in the corner of your office is actually a microphone with a 64GB microSD card and SIM card inside, dumping a day's worth of key listening across a covert channel, to include your voice conversations.

      Or perhaps the device listening will be your cell phone itself. After all, those never get hacked.

      Perhaps you should start considering the fact that it's hardly a human sitting in the room listening to high-frequency whine, nor does it need to be. Good luck with your bloody nose defense.

    4. Re:Get a stronger PSU by wonkey_monkey · · Score: 3, Interesting

      The Open source implementation Is WEAKER since we now know HOW they perform the DUMMY CALCULATIONS.

      Yes, because obviously they were going to perform exactly the same dummy calculations every time in exactly the same place.

      Oh, no, wait, not everyone is as dumb as you.

      --
      systemd is Roko's Basilisk.
    5. Re:Get a stronger PSU by Anonymous Coward · · Score: 0

      Have you checked the GNU Privacy Guard implementation? Perhaps they do. Many eyes and all that eh? Go check, let me know what you find.

    6. Re:Get a stronger PSU by PPH · · Score: 4, Insightful

      Stronger PSU -> Bigger coils. It's the coil core that whines due to magnetostriction.

      A laptop won't be of much help. There are a number of buck-boost voltage converters on the motherboard that provide all the different voltage levels needed by the CPU, memory, logic, etc. They use switch mode topologies, which incorporate coils. The alternative, linear regulators, produce a lot of heat due to inefficiency. So laptops are likely going to be better targets.

      --
      Have gnu, will travel.
    7. Re:Get a stronger PSU by compro01 · · Score: 2, Interesting

      Not if you're looking at a server in a datacentre. The bad guys can just rent a space in the next rack over and you're totally unaware that they're busy vacuuming up your keys for later exploitation.

      --
      upon the advice of my lawyer, i have no sig at this time
    8. Re: Get a stronger PSU by Anonymous Coward · · Score: 1

      Wonkey monkey may not have done but I've got quite familiar with it over the last 3 days. Your assumption was pretty stupid to be fair. And incorrect.

    9. Re:Get a stronger PSU by EvilSS · · Score: 4, Funny

      Not if you're looking at a server in a datacentre. The bad guys can just rent a space in the next rack over and you're totally unaware that they're busy vacuuming up your keys for later exploitation.

      Just install some of those oldschool EMC storage towers that sound like jet engines running 24/7. Sure your DC employees will go deaf but your keys won't leak!

      --
      I browse on +1 so AC's need not respond, I won't see it.
    10. Re: Get a stronger PSU by Anonymous Coward · · Score: 0

      Ahhhh the old clariions. Used to work on those.

    11. Re:Get a stronger PSU by Desler · · Score: 1

      The term is EAVESDROPPING.

    12. Re:Get a stronger PSU by Anonymous Coward · · Score: 0

      It would be pretty easy to hide a parabolic mic in a suitcase with a fabric side, the sound goes through the fabric (some attenuation) but to the eye it's just a suitcase. The suitcase would probably have to be awkwardly placed like on a table or chair... might look kind of suspicious.

    13. Re:Get a stronger PSU by Lumpy · · Score: 2

      If it has a self deploying parabolic microphone that aims at the target, I'll be firstly impressed, and secondly take it apart for the very cool servo deployable parabolic dish and aiming system.

      --
      Do not look at laser with remaining good eye.
    14. Re:Get a stronger PSU by Anonymous Coward · · Score: 0

      Perhaps you didn't read as far as where it even works with a sh1tty cell average phone mic (one not designed for this purpose) if it's placed around ~30cm/1ft to the computer. Replace it with one with higher fidelity I imagine the distance could be extended to a less noticeable range (assuming it's not even one's own phone that gets hacked).

    15. Re:Get a stronger PSU by Anonymous Coward · · Score: 0

      You may be surprised to learn that the corner between walls, wall/ceiling or wall/floor can act like a parabolic lens for an incredibly small microphone

    16. Re: Get a stronger PSU by Anonymous Coward · · Score: 0

      Clariions were from the dissolution of Data General, did not become part of EMC until the 00's, and were relatively small and quiet.

      He is probably referring to the old EMC Symmetrix Frames. They were hella impressive, but you were paying a quarter million bucks for a tera-byte of disk storage and losing several racks worth of floor space

      Of course they were competing with IBM DASD systems so they were small and inexpensive in comparison

    17. Re:Get a stronger PSU by Anonymous Coward · · Score: 0

      Mobile phone chargers are micro usb and thunderbolt cables these days. It would be one nice piece of kit to fit a 64GB microSD card and SIM card in one of those cables without it looking odd.

      Even so, clearly, the solution is to cover yourself and your office in tinfoil.

    18. Re: Get a stronger PSU by Anonymous Coward · · Score: 0

      Take care of the problem PhotonicInduction style.

    19. Re:Get a stronger PSU by Khyber · · Score: 1

      If your outlet is in/near a corner, it's already got a half-assed parabolic to use. The casing could be modified to act like a stethoscope, no parabolic needed then.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    20. Re: Get a stronger PSU by EvilSS · · Score: 1

      Yep! Couldn't recall what the brand name on them was. Had a customer (big health care org) that had a dozen or so of them on their DC floor. It was virtually impossible to have a conversation anywhere near that area of the data center. I imagine if OSHA ever somehow wandered in there they would have had the admins wearing hearing protection by the end of the day. I felt bad for the EMC tech who always seemed to be there replacing a drive or other parts on them. Poor bastard was probably deaf.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    21. Re:Get a stronger PSU by Anonymous Coward · · Score: 0

      Wouldn't a few big-ass caps across the output of the PSU go some way to reducing this (low-pass filtering)?

      Also bigger coils in a stronger PSU would tend to mean heavier cores not running nearly as close to saturation (which is where things get noisy), so I would have thought that would actually reduce whine from magnetostriction.

      Of course if you were truly paranoid though your best bet might be to get at the coils with some mechanical damping.

    22. Re:Get a stronger PSU by Anonymous Coward · · Score: 0

      This is where closed source prevails. No leaking implementation details.

      I take it you don't do anything related to cryptography for a living. Your entire post is laughably ignorant, but let's directly address your last point anyhow...please say hello to my special friends GDB, LLDB, ptrace, KVM, etc. Good luck, champ. -PCP

    23. Re:Get a stronger PSU by PPH · · Score: 1

      Saturation is more a factor of voltage, not current. But more current through an inductor requires a larger window (hole in core) and so more ferromagnetic material. Also, reducing saturation requires more winding turns (less volts per turn) and so a larger winding and bigger core. More core material will produce more sound, since magnetostriction is a percent change in the core dimensions due to flux density.

      Mechanical damping is probably not feasible, since the materials (steel, nickel, cobalt, etc.) involved are very stiff and the damping structure would have to act against that. Encapsulating inductors in some sound deadening material could work. But it would interfere with thermal performance.

      --
      Have gnu, will travel.
    24. Re:Get a stronger PSU by TheRaven64 · · Score: 1

      This kind of defence (and, indeed, the masking described in TFS) don't normally work against this kind of side-channel attack. They increase the noise, but there's still signal. All that they do is drive up the number of samples that you need to be able to run the analysis. If you're lucky, then the number of samples that they need is more than the number of samples that they can record in the available time, but for long-lived keys this can be a very long time. It's also worth noting that with this kind of thing you don't need to recover the entire key - if you have the public key, then you can quickly verify whether a guess at the private key is correct. Over time, as you record the samples, you gain a greater probability of each bit being 0 or 1. You run a directed brute force attack, with the bits with the least confidence being flipped more frequently.

      --
      I am TheRaven on Soylent News
    25. Re:Get a stronger PSU by TheRaven64 · · Score: 1

      It doesn't matter. The dummy calculations add noise. You can filter it out by taking more samples (this is a well-known countermeasure in the side-channel literature). The attack is already designed to work with a noisy source, the defence just makes it more noisy.

      --
      I am TheRaven on Soylent News
    26. Re:Get a stronger PSU by Anonymous Coward · · Score: 0

      Yeah, but then Colonel Heinz Brandt would probably shove it aside with his foot, spoiling the whole deal.

    27. Re:Get a stronger PSU by lsatenstein · · Score: 1

      33 feet which is 10 meters, easy to spot, hardly "low key" (ehm) eves dropping. I would imagine the eves dropper would get a bloody nose before getting to the door...

      I'll remember you said that when you discover that "innocent" cell phone charger sitting in the corner of your office is actually a microphone with a 64GB microSD card and SIM card inside, dumping a day's worth of key listening across a covert channel, to include your voice conversations.

      Or perhaps the device listening will be your cell phone itself. After all, those never get hacked.

      Perhaps you should start considering the fact that it's hardly a human sitting in the room listening to high-frequency whine, nor does it need to be. Good luck with your bloody nose defense.

      Maybe we should go back to pen and paper and snail mail. Do you think that the microphone pickup of pen scratching could follow what was being written?
      Why do we have to encrypt a file with AES and one key. Why not alternate allow encrypting 8/16 bytes with one key and the next 8/16 bytes with an alternative key. One algorithm or both could be AES, with the other, twofish. And use cypher block chaining.
       

      --
      Leslie Satenstein Montreal Quebec Canada
    28. Re:Get a stronger PSU by gzuckier · · Score: 1

      If your outlet is in/near a corner, it's already got a half-assed parabolic to use. The casing could be modified to act like a stethoscope, no parabolic needed then.

      I wondered why the neighbor's satellite dish was pointed at my house, not the equator.

      --
      Star Trek transporters are just 3d printers.
    29. Re:Get a stronger PSU by Anonymous Coward · · Score: 0

      Seems like you're forgetting about the charger brick that plugs into the outlet. Those things have a variety of shapes and sizes, and it seems like every model has its own

    30. Re:Get a stronger PSU by Anonymous Coward · · Score: 0

      33 feet which is 10 meters, easy to spot, hardly "low key" (ehm) eves dropping.

      I would imagine the eves dropper would get a bloody nose before getting to the door. All this fancy tech can be beaten by a low tech method. A blow to the face. The same low tech method can also obtain passwords from victims.

      I'll be happy to defeat the idiot who thinks eavesdropping is spelled eves dropping. I'll be happy to bash his ugly idiot face in as well.

    31. Re:Get a stronger PSU by geekmux · · Score: 1

      33 feet which is 10 meters, easy to spot, hardly "low key" (ehm) eves dropping. I would imagine the eves dropper would get a bloody nose before getting to the door...

      I'll remember you said that when you discover that "innocent" cell phone charger sitting in the corner of your office is actually a microphone with a 64GB microSD card and SIM card inside, dumping a day's worth of key listening across a covert channel, to include your voice conversations.

      Or perhaps the device listening will be your cell phone itself. After all, those never get hacked.

      Perhaps you should start considering the fact that it's hardly a human sitting in the room listening to high-frequency whine, nor does it need to be. Good luck with your bloody nose defense.

      Maybe we should go back to pen and paper and snail mail. Do you think that the microphone pickup of pen scratching could follow what was being written? Why do we have to encrypt a file with AES and one key. Why not alternate allow encrypting 8/16 bytes with one key and the next 8/16 bytes with an alternative key. One algorithm or both could be AES, with the other, twofish. And use cypher block chaining.

      Pen and paper? People are LAZY. They don't even type into their cell phones anymore, they speak to dictate commands, and use a fingerprint rather than a complex passcode. And while there are many of us that recognize the additional benefits of using multiple encryption methods/ciphers/algorithms, unless you make that the baseline, people will continue to be LAZY and do the bare minimum.

      People despise real security because that takes effort to create those long complex passwords and remember them. It takes effort to remember where they put their 2FA token, so forget 2FA. It takes effort to click a few more buttons to encrypt backup files. I'm still amazed when I hear about someone being involved in an automobile accident how they would have been fine had they taken 5 seconds to buckle up. Even physical security can be a burden on the lazy human. Sad, but true.

    32. Re:Get a stronger PSU by peawormsworth · · Score: 1

      Would it be possible to simply turn on a radio or have a random whine noise generating device?

  3. Old news by NotInHere · · Score: 4, Informative

    How is this not a reiteration of this old attack from 2014: http://www.tau.ac.il/~tromer/h...

    1. Re:Old news by Anonymous Coward · · Score: 3, Interesting

      It's a different side channel attack, by some of the same people from the same lab.

    2. Re:Old news by Anonymous Coward · · Score: 0

      Ex-fucking-actly. I read about this attack a long time ago and found out back then that GPG has already taken the "listening attack" into account in their software design.

  4. First comment by Anonymous Coward · · Score: 0

    Just kidding... Pretty scary fact

  5. Play an MP3 at the same time by Anonymous Coward · · Score: 5, Funny

    Play an MP3 at the same time so they get an audio download then send them a DMCA takedown notice :)

  6. Play music at the same time by Anonymous Coward · · Score: 0

    Since computers can play music, if worried about this, play music when using the computer. If the speakers are near the cpu (on a laptop most are), they would mean that one has to remove the music track before finding the signal. Try music that is more random making the process harder.

    1. Re:Play music at the same time by TheReaperD · · Score: 4, Interesting

      That most likely won't work as they can simply discard all noise not part of the frequency range they are looking for which is trivial if the other sounds don't emit that range. As these are ultra-high frequency sounds, no MP3s or even FLAC files will have them as these ranges are discarded to keep the file size down. You'd have to be running the ultra quality studio files to even have a chance of having these ranges play but, as these are ranges that humans can't hear, they are only going to be there by accident, not intent and you won't be able to tell if they do or don't. Now, it would be possible to create audio tracks with these ranges for the express purpose of fouling these sort of attacks but, there would need to be many of them so there can be some form of randomness to prevent prediction attacks. Updating encryption systems to add junk processes at random would be an easier method of thwarting these however, it will take some time for everyone to update.

      --
      "Be particularly skeptical when presented with evidence confirming what you already believe." -
    2. Re:Play music at the same time by Anonymous Coward · · Score: 0

      You don't necessarily have to be sophisticated in your use of high frequency sound playback as "shielding". Just play it loud enough that you spike the microphone all the way across the recording and voila, they can't extract any information from it.

    3. Re:Play music at the same time by jrumney · · Score: 1

      Forgive my ignorance, but is this encryption running on a separate CPU with separate power supply coils etc from the mp3 decode?

    4. Re:Play music at the same time by TheReaperD · · Score: 1

      The volume doesn't matter if you hit the right frequencies. With the wrong ones, they're usually still trivial to separate out on sophisticated equipment, though it might drown out a cell phone microphone. But, creating the audio files and playing them is fairly simple for anyone who knows what frequency range to hit. But, the simple act, much less the creation and implementation of these counter-measures puts it outside 90%+ of the world's userbase. As usual, the biggest threat to IT security is the idiot between the keyboard and the chair.

      --
      "Be particularly skeptical when presented with evidence confirming what you already believe." -
    5. Re:Play music at the same time by TheReaperD · · Score: 1

      No but, I get the impression from reading all of this that the decryption sequence can somehow be isolated from all of the other high frequency noise the CPU puts out while doing other tasks. Don't ask me how; that's out of my pay grade.

      --
      "Be particularly skeptical when presented with evidence confirming what you already believe." -
    6. Re:Play music at the same time by EndlessNameless · · Score: 1

      They were sampling around 1.7 MHz for RSA keys.

      Since human hearing tops out at 20-25 KHz, most speakers aren't built to emit sounds higher than maybe 30 KHz.

      There isn't exactly a huge market for speakers in the ultrasonic range. I'm sure there are some niche cases, but don't expect to find usable hardware or audio samples at the local Best Buy.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  7. Smart cards? by Anonymous Coward · · Score: 1

    I wonder how vulnerable smart cards are. In particular, I've been using a YubiKey for most of my RSA needs.

  8. How about? by Anonymous Coward · · Score: 0

    How about eliminating coil whine with some magical, new power components instead? It would be nice to get that C1e induced painful buzz in check. Is there a power supply brand which doesn't whine with C1e active?

  9. Car analogy please by wonkey_monkey · · Score: 4, Insightful

    Can someone explain, vaguely, possibly with a car analogy, how they go about determining keys with coil whine? Is it because the same calculations are made over and over as it churns through data encrypting/decrypting it, so after listening long enough some kind of clues can be gathered about what bytes are in the key? I mean, I assume it's not as simple as listening and going "Ooh, 14.5Khz, that's 0xBE."

    --
    systemd is Roko's Basilisk.
    1. Re:Car analogy please by Opportunist · · Score: 4, Informative

      What happens in such attacks is that there are different calculation paths for different results, and by "watching" (or in this case, listening to) the CPU perform, you can tell what calculation paths it took and determine from this what input it used.

      A vague analogy would be that the CPU is giving off long and short beeps, and by listening to them and noticing when and how long it beeps you can assemble something akin to a Morse alphabet.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Car analogy please by PopeRatzo · · Score: 2, Funny

      Can someone explain, vaguely, possibly with a car analogy, how they go about determining keys with coil whine?

      OK, imagine a '63 Bel Air with hydraulic suspension and a horn that plays "La Cucaracha". It is traveling from Modesto to the Reservoir at exactly 48mph. Now imagine a 2006 Mercedes G-Class with extra-large wheels and spinning hubs that is booming some old-school NWA. It is traveling from Oakland to the Reservoir at exactly 52 mph.

      If someone had a listening device installed in both cars, the probability that the phrase, "You know, that Donald Trump makes some good points" would be heard approaches zero.

      I hope that clears it up.

      --
      You are welcome on my lawn.
    3. Re: Car analogy please by Anonymous Coward · · Score: 0

      It's like a black hat strapping a microphone to the bumper of your car, and recording the engine noise, road noise, and any other traffic noise of your drives.

      Then, you blindly drive to various destinations based on a note that is passed under your door every morning. You don't question the note, you just do what it says: drive to location X (and location X is always different and can be very far away).

      When you get to the location, there is nothing to greet you, and in fact the location could be in the bottom of a lake, or in a forest with no roads (it is gibberish).

      Regardless, you do this every day, for thousands of days. Read the note, go on a pointless drive to a new random location.

      If you do all the things, then the researchers will eventually glean enough information, over thousands of days, that they can just tell you to do whatever they want instead of making you go on pointless drives (aka: they already 'own' you, so the microphone thing is pointless).

    4. Re:Car analogy please by michelcolman · · Score: 4, Informative

      If you listen to a car going round a race track, the tire noise, engine rpms and gear shifts, all of that together could give you a pretty good idea of the length of the straights, the intensity of the curves, and the smoothness of the road surface in various places. Listen to enough cars, and you may be able to reconstruct the entire track.

      The cpu is the race car, the track is the RSA algorithm for that specific key.

    5. Re:Car analogy please by AmiMoJo · · Score: 1

      It takes an hour of continuous use of the key before they can reproduce it. The measurements they take on each use of the key are not very accurate, but with millions of them they can narrow the possibilities down to something they can brute force.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:Car analogy please by TechyImmigrant · · Score: 1

      Can someone explain, vaguely, possibly with a car analogy,

      Paul Kocher gets in a car, drives to work, gathers data from a sensor near a device performing the same calculation many times, does bayesian statistics on the data to determine what is noise and what is signal, then recovers the key.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    7. Re:Car analogy please by wonkey_monkey · · Score: 1

      How likely is it for a computer to be continuously encrypting/decrypting for an hour with the same key?

      --
      systemd is Roko's Basilisk.
    8. Re:Car analogy please by Lumpy · · Score: 2

      In other words... it's a non exploit and only a proof of concept under very controlled environment and test parameters.

      --
      Do not look at laser with remaining good eye.
    9. Re:Car analogy please by johannesg · · Score: 1

      So we are supposed to believe that different paths, which incidentally occur at a rate of around 4GHz or so, can be 'heard' in an audio stream that has a resolution of maybe 44KHz or so? In an environment that is not free of noise either - fans, other components doing other things, etc.

      I find the whole thing very hard to believe.

    10. Re:Car analogy please by Impy the Impiuos Imp · · Score: 1

      So we are supposed to believe that different paths, which incidentally occur at a rate of around 4GHz or so, can be 'heard' in an audio stream that has a resolution of maybe 44KHz or so? In an environment that is not free of noise either - fans, other components doing other things, etc.

      I find the whole thing very hard to believe.

      Indeed, but proof of concept is amazing.

      I recall 25 years ago some guy with "$2000 of Radio Shack hardware" was able to discern key strokes and video signals from the electron gun of the monitor tube. Nobody thought this possible. Now the government has their Faraday cage room for sensitive computers.

      Everything since then has been refinement on this. They could do this already based on EMF, but on audio whine is doubly impressive.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    11. Re: Car analogy please by Impy the Impiuos Imp · · Score: 2

      Pre-gps navigation did this using "dead reckoning" (which is still built in). Based on speed, distance, and angle, it can match you to locations on the map. It could take a while, with a number of samples, but can be done. There are only a finite number of distance-intersection pair chains before it narrows down to one.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    12. Re:Car analogy please by Shinobi · · Score: 1

      25 years ago? Try the late 70's, when multiple groups all over the world independently discovered it, one of those teams being engineers at Ericsson. The first public description of the issue was in 1985, by Wim Van Eck.

    13. Re:Car analogy please by Anonymous Coward · · Score: 0

      So we are supposed to believe that different paths, which incidentally occur at a rate of around 4GHz or so, can be 'heard' in an audio stream that has a resolution of maybe 44KHz or so? In an environment that is not free of noise either - fans, other components doing other things, etc.

      I find the whole thing very hard to believe.

      Where did you get 44kHz from? It's coils and capacitors on your mobo or PSU that produce these sounds or ultrasounds. Have you ever stood near a large transformer? Or a buzzing fluorescent tube? Did they come with speakers? The sounds in question do not come from your PC's speakers, so this frequency limit does not apply to them. The background of fans and other components (say, churning HDDs) are trivial to kill off with high-pass filters and notch filters.

    14. Re:Car analogy please by Anonymous Coward · · Score: 0

      How likely is it for a computer to be continuously encrypting/decrypting for an hour with the same key?

      Unlikely. But some adversaries come equipped with statistical analysis and patience. You don't need to leak the entire key, and at once, to start worrying.

    15. Re:Car analogy please by chuckugly · · Score: 1

      If the people running the attack can access the surface you're protecting with crypto, 100%

    16. Re:Car analogy please by wonkey_monkey · · Score: 1

      Follow-up question: can someone explain how I got modded "Insightful" for asking a question and specifically demonstrating my lack of knowledge?

      --
      systemd is Roko's Basilisk.
    17. Re: Car analogy please by Anonymous Coward · · Score: 0

      I'm guessing 44k comes from the resolution of CD audio, which is a reasonable approximation of the upper end of nearly all consumer audio gear.

      The point is, cell phone mics aren't engineered to respond to a 5ghz frequency because it's far outside the range of human hearing. That doesn't mean it's impossible, but it's so far out of spec that it's surprising to get any usable data at that frequency.

    18. Re:Car analogy please by UnderCoverPenguin · · Score: 1

      The research mentioned in the OP does not mention anything beyond capturing the RSA or ElGamal keys. However, in normal use, these keys are used to create "session keys" (also known as "message keys"). From http://www.pgpi.org/doc/pgpint... (PGP is the forerunner of GPG, which was designed to inter-operate with PGP)

      PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient's public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient.

      From the same page

      A digital certificate consists of three things: A public key. Certificate information. ("Identity" information about the user, such as name, user ID, and so on.) One or more digital signatures.

      Also, the page describes PGP Certificates as including

      The certificate holder's public key — the public portion of your key pair, together with the algorithm of the key: RSA, DH (Diffie-Hellman), or DSA (Digital Signature Algorithm).

      There is no description of a procedure for deriving any kind of intermediate key from the public key in the certificate.

      So, the 4096 bit keys discussed in the OP might be the public keys contained in the certificates. In which case, these 4096 bit keys might be in use for months or years.

      I hope there actually are intermediate keys being generated. If not, a disruptive redesign of the encryption tools we use will be needed. However, any existing encrypted files would still be subject to the analysis by the described attacks, so the "blinding" mentioned in the research would still be needed. Also, it does not mention anything about changes to how the keys are actually used.

      Also, the OP (and headline) fails to mention that the research also discusses other methods, including a person, with a concealed device, merely resting their hand on the computer for a few seconds. I suspect this implies that blinding the analysis is even more important.

      --
      Don't try to out weird me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
    19. Re:Car analogy please by lachlan76 · · Score: 1

      The actual multiplications are nowhere near as fast. A multiplication of an RSA-sized number takes thousands of cycles (see here), and modular arithmetic of that size is even slower. 44kHz corresponds to a sample per 45k 2GHz cycles, and Montgomery multiplication as in the link above takes up to two adds per bit if you do it quickly and insecurely, with each taking on the order of 100 cycles. An exponentiation of a 1024-bit message will need therefore around 100k (average-case) cycles i.e. 2.5 audio samples. This will increase at least quadratically with key size, meaning that with 2048-bits you're looking at ten samples on average.

      In any case, they are a reputable bunch, you'll notice Shamir (the S in RSA) in the author list.

    20. Re:Car analogy please by Anonymous Coward · · Score: 0

      Believe it. I've done it, and I was nowhere near the first. You might find some of D.J. Bernstein's work interesting. -PCP

    21. Re: Car analogy please by Anonymous Coward · · Score: 0

      I nodded you up because I wanted to console you due to the fact that you won't be able to eat a dick today.

    22. Re:Car analogy please by Anonymous Coward · · Score: 0

      Best post I've read all day. -PCP

    23. Re:Car analogy please by Anonymous Coward · · Score: 0

      Presumably you were modded "insightful" because you asked a good question, perhaps even one with insight? ;)

      You don't necessarily need knowledge to be insightful, that is why "insightful" and "informative" are different mods that can be applied.

    24. Re:Car analogy please by johannesg · · Score: 1

      Analog signals are captured in analog fashion and can be used to reconstruct the original image. Sure, I buy that. But this... No, sorry. If anything, I'm inclined to believe that this news is simply a smoke screen; some method to point at when a private key has mysteriously been recovered using other ways (like a built-in weakness in the algorithm, for example).

    25. Re:Car analogy please by jrumney · · Score: 1

      It's like when your mechanic hears your car drive up and says "ohh, it's going to cost you" before he's even seen your car.

    26. Re:Car analogy please by Anonymous Coward · · Score: 0

      RSA works on modular exponentiation.

      message ^ secret_key

      The simplest way to do this exponentiation, is to do a multiply (4096-bit multiply - which is a fair few instructions).

      So, without reading the paper, I assume the attack goes something like this:

      Suppose the secret key is: 01001011 in binary

      The microphone would detect:
      N-N-pause-N-pause-pause-N-pause
      where N is the noise emitted by the processor that is characteristic of doing a 4096-multiply instruction.

      This exponentiation with the same number is done very often, for each 512-byte packet of the message. Because this happens so frequently and regularly, it creates the characteristic hum that the microphone can detect and, with clever algorithms, somehow reverse.

      One solution is to do the multiply anyways, but that slows down the RSA calculation significantly. Another is to add random 4096 bit multiplies into the mix to throw off the algorithms.
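The leak described in the comment above, and the countermeasures it mentions, modelled as an added example (not code from the poster, the paper, or GnuPG). The S/M trace list is an assumed stand-in for what a side channel could tell apart, the RSA key is a constructed toy, and `decrypt_blinded` uses standard RSA base blinding rather than the comment's "random multiplies" idea.

```python
"""Model of the key-dependent operation pattern in square-and-multiply RSA."""
import math
import secrets

# Constructed toy RSA key (textbook-sized, for illustration only).
P, Q = 61, 53
N = P * Q                           # 3233
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))   # 2753, the private exponent


def modexp_naive(base, exp, mod, trace):
    """Left-to-right square-and-multiply: the multiply runs only for 1 bits.

    `trace` records "S" (square) and "M" (multiply). It is an assumption of
    this model that an observer can tell the two operations apart.
    """
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        if bit == "1":
            result = (result * base) % mod
            trace.append("M")
    return result


def modexp_always(base, exp, mod, trace):
    """Square-and-multiply-always: "do the multiply anyways" for every bit."""
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        product = (result * base) % mod   # computed whether or not it is used
        trace.append("M")
        # This models the operation sequence only; a Python conditional is
        # not a constant-time select.
        result = product if bit == "1" else result
    return result


def bits_from_trace(trace):
    """Read exponent bits back from an S/M trace: "SM" -> 1, lone "S" -> 0."""
    bits = []
    i = 0
    while i < len(trace):
        if i + 1 < len(trace) and trace[i + 1] == "M":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return "".join(bits)


def decrypt_blinded(ciphertext, d, e, n):
    """RSA decryption with base blinding.

    The value actually exponentiated is ciphertext * r^e for a fresh random
    r, so whoever chose the ciphertext no longer controls the operands.
    (c * r^e)^d = m * r (mod n), and multiplying by r^-1 recovers m.
    """
    while True:
        r = secrets.randbelow(n - 2) + 2      # r in [2, n-1]
        if math.gcd(r, n) == 1:
            break
    blinded = (ciphertext * pow(r, e, n)) % n
    m_blinded = modexp_always(blinded, d, n, [])
    return (m_blinded * pow(r, -1, n)) % n


def demo(message=65):
    """Decrypt one constructed ciphertext three ways and compare the traces."""
    ciphertext = pow(message, E, N)
    naive_trace, always_trace = [], []
    m_naive = modexp_naive(ciphertext, D, N, naive_trace)
    m_always = modexp_always(ciphertext, D, N, always_trace)
    return {
        "private_exponent_bits": bin(D)[2:],
        "read_from_naive_trace": bits_from_trace(naive_trace),
        "read_from_always_trace": bits_from_trace(always_trace),
        "plaintexts": (m_naive, m_always, decrypt_blinded(ciphertext, D, E, N)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```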

    27. Re: Car analogy please by wonkey_monkey · · Score: 1

      Aww, thanks, but there was really no need. Like, really.

      --
      systemd is Roko's Basilisk.
    28. Re:Car analogy please by q4Fry · · Score: 1

      Van Eck's exploit was used in a pivotal part of the Cryptonomicon that was honestly kind of silly. (MILD SPOILERS) If an adversary can do screen mirroring while you're in a prison they control, it is probably a given that they are also using statistical analysis on the sound made by your keyboard keys and the voltage fluctuations on the plug you're using to power your computer. Or (here's a thought) they could just film you from every angle.

  10. Baloney by 110010001000 · · Score: 1

    These "attacks" are always on carefully selected hardware running custom software. There is no way on a real system this would work.

    1. Re:Baloney by Antique+Geekmeister · · Score: 4, Insightful

      There is a great deal of "carefully selected hardware" in the world, especially in secure civilian and military installations, equipment which could present a broad and lucrative attack surface to such tools. And a good security vulnerability report is also much like a good scientific experiment: enough detail is included to allow clear repetition of the attack, without accidental disparities in the testing conditions obscuring the results.

    2. Re:Baloney by PopeRatzo · · Score: 2

      There is no way on a real system this would work.

      Especially since that loud knocking my hard drive's been making for the past week would totally drown out the coil whine.

      I'm hoping that knocking sound goes away. Sometimes these things fix themselves, you know?

      --
      You are welcome on my lawn.
    3. Re: Baloney by Anonymous Coward · · Score: 0

      Yeah you are so right! The technique has only been tested on Intel core2, pentium, i5, i7, xeon e3 and xeon e5. Though given the architecture similarities it may also work on celeron, i3, core m and atom. It's also been demonstrated on amd bulldozer and one other amd arch I forget from memory. And also on arm7, arm cortex a53 and ibm power7.

      As far as software stack goes, it's been demonstrated on windows 7, 10, 2008 server, 2012 server, redhat, centos, ubuntu and osx 10.8/10.9.

      But yeah, completely agree with your high quality assessment and understanding of the subject matter...

    4. Re:Baloney by michelcolman · · Score: 2

      There is no way on a real system this would work.

      Famous last words.

    5. Re:Baloney by EvilSS · · Score: 4, Funny

      There is no way on a real system this would work.

      Especially since that loud knocking my hard drive's been making for the past week would totally drown out the coil whine.

      I'm hoping that knocking sound goes away. Sometimes these things fix themselves, you know?

      Well the good news is that it's pretty much guaranteed to go away on its own. Now as for the bad news....

      --
      I browse on +1 so AC's need not respond, I won't see it.
    6. Re:Baloney by JustAnotherOldGuy · · Score: 3, Funny

      I'm hoping that knocking sound goes away. Sometimes these things fix themselves, you know?

      The knocking sound means that your system is low on hard drive oil.

      Just get a can of WD-40, drill a small (1/8") hole in the drive, and spray a couple of healthy blasts of the WD-40 into the drive. This will almost always cure the knocking sound.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    7. Re:Baloney by JustAnotherOldGuy · · Score: 4, Funny

      There is no way on a real system this would work.

      Famous last words.

      Along with:

      "He'll stop, we have the right of way!"
      "I'm sure it's unloaded."
      "Of course I'm sure that the other guy shut the power off."
      "If taking one of these pills is good, taking three means it'll work really fast."
      "Oh yeah, it's strong enough to hold us."
      "Watch this!"

      --
      Just cruising through this digital world at 33 1/3 rpm...
    8. Re: Baloney by Anonymous Coward · · Score: 0

      I prefer white lithium. It leaves a good coating residue for later protection. :P

    9. Re:Baloney by iggymanz · · Score: 2

      this trick can also save your car's blinker lights when they get low on blinker fluid. but wd-40 can't be used to save rear muffler bearings, you need something more viscous like jello

    10. Re:Baloney by PopeRatzo · · Score: 1

      The knocking sound means that your system is low on hard drive oil.

      The guy from Geek Squad told me it was because I was using an unleaded power strip. He said they're better for the environment, but really mess up computer performance.

      --
      You are welcome on my lawn.
    11. Re:Baloney by Waffle+Iron · · Score: 1

      I'm hoping that knocking sound goes away. Sometimes these things fix themselves, you know?

      The knocking sound means that your system is low on hard drive oil.

      Just get a can of WD-40, drill a small (1/8") hole in the drive, and spray a couple of healthy blasts of the WD-40 into the drive. This will almost always cure the knocking sound.

      People never seem to get this straight: WD-40 is a water displacer. While it may help keep your hard drive from corroding, it won't properly lubricate the moving parts.

      You need to squirt a generous amount of a suitable machine oil into your hard drive to properly address the noise. And don't forget to tape the hole when you're done: the oil can attract dirt that would mess up the delicate drive heads.

    12. Re:Baloney by TechyImmigrant · · Score: 1

      These "attacks" are always on carefully selected hardware running custom software. There is no way on a real system this would work.

      Yes. However these attacks show an attack works in principle and helps you understand what the bounds of the problem are and how to defend against it. The end result is that real products get made with all sort of mitigations against impractical attacks that might become practical given enough time or money.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    13. Re:Baloney by Anonymous Coward · · Score: 1

      What? No "Hold my beer"?

    14. Re:Baloney by Anonymous Coward · · Score: 0

      There is no way on a real system this would work.

      Famous last words.

      Along with:

      "He'll stop, we have the right of way!"
      "I'm sure it's unloaded."
      "Of course I'm sure that the other guy shut the power off."
      "If taking one of these pills is good, taking three means it'll work really fast."
      "Oh yeah, it's strong enough to hold us."
      "Watch this!"

      They couldn't hit an elephant at this distance.

    15. Re: Baloney by Anonymous Coward · · Score: 0

      You are such a lying piece of shit and nobody with any sense believes a fucking word of this.

    16. Re: Baloney by 110010001000 · · Score: 1

      Bullshit. I know how these "attacks" work. Every idiot comes out with one every few years in hope of getting some attention.

    17. Re:Baloney by david_bonn · · Score: 1

      Probably.

      I suspect that the exact signature of the coil whine is extremely system-dependent. Given that manufacturers often change parts even within a given model (especially of parts like capacitors) even "identical" models might have different coil whines. Coil whine is probably also very temperature sensitive, both to ambient temperature and how hard your PC is working.

      One other thought is that TFA says that RSA keys can be extracted "within one hour". Does that mean you need to listen to coil whine for an hour to build up a big enough sample set? In which case this is a non-problem because no one ever spends a whole hour doing RSA encryption. Or does the "within one hour" refer to analyzing a much shorter sample? The article is ambiguous.

      Finally, if the system jiffy time is small enough and the time to do an RSA encrypt/decrypt long enough one could probably blind this attack by running several cpu-intensive processes at the same time. Or at least make the attack much, much more expensive.

    18. Re:Baloney by DesertNomad · · Score: 1

      You're crazy!

      There's no way you need a 1/8" hole to put the WD-40 through, 1/16" is fine. In true Slashdot form, your idea sucks.

    19. Re: Baloney by Anonymous Coward · · Score: 0

      Loool, self delusion at its finest. USA USA USA

    20. Re:Baloney by Anonymous Coward · · Score: 0

      Indeed. In related news, cancer frequently cures cancer. -PCP

    21. Re: Baloney by Anonymous Coward · · Score: 0

      Hi. I've successfully executed similar operations as components of high level penetration testing engagements, against live production environments, with zero advance knowledge of the target platforms. No, this isn't script kiddie stuff (yet), and no, you probably can't afford the asking price for such engagements. As recently as perhaps two years ago, I was still amazed by the levels of ignorance and denial consistently displayed by those entrusted with safeguarding critical information assets (federal, state, corporate, research, you name it). I'm considerably closer to "numb" these days, so in closing I guess I'll just say "keep on believing whatever helps you sleep better at night, cupcake." Some friendly advice: it's hard to watch your ass with your head in the sand. -PCP

    22. Re:Baloney by Big+Hairy+Ian · · Score: 1

      Along with:

      "He'll stop, we have the right of way!"
      "I'm sure it's unloaded."
      "Of course I'm sure that the other guy shut the power off."
      "If taking one of these pills is good, taking three means it'll work really fast."
      "Oh yeah, it's strong enough to hold us."
      "Watch this!"

      *Pulls finger*

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    23. Re:Baloney by EndlessNameless · · Score: 1

      The initial research has to be done that way. Just like any other kind of research and development, you need to eliminate variables to determine what can work and what won't.

      Once you validate the concept, then you can start looking at implementing real-world, cost-controlled, mass-produced refinements.

      I suspect it will be far more difficult in a real-world scenario because the real world is always more complex than the lab, but the underlying vulnerability is definitely there.

      Fortunately or unfortunately, we will probably never hear of real-world cases. Anyone who develops this into a reliable surveillance tool is not going to publicize his success.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    24. Re: Baloney by Anonymous Coward · · Score: 0

      Delusion about what, bald assertions you are making? I don't need to be deluded about anything, you haven't provided any facts. Just assertions about random OS and hardware combinations.

      I actually wrote bitcoin and Tor and I used a quantum computer to do it. If you disagree you are deluded!

      You dumb sack of shit. Are you the lying asshole who made up this whole "listen in on the electrons!" fantasy?

  11. And billyclubs by Anonymous Coward · · Score: 0

    Rubber hoses, too.

  12. The Register jargon by Anonymous Coward · · Score: 0

    Could we please stop news from this site. Every time I read a story from these "journalists" and their "tech" jargon I feel like somebody just took a dump on the English language. Half of the time I don't understand what they're saying and half of the time I feel like someone's telling inside jokes. They want to be smarty-pants with their high-tech lingo but they only come across as people that invented words for the terms they don't understand.

    1. Re:The Register jargon by mars-nl · · Score: 1

      It's British humour (that's British English for humor). I love it. And it's a much better website than all other copy-paste tech news sites with 50 ads and 200 trackers.

  13. Always Another Way... by ytene · · Score: 1

    Whilst I am prepared to accept the findings of this research and happy to accept that in principle it is possible to infer the calculations being performed by a computer system using nothing more than the "background noise" they produce, I have to believe that there are a myriad of easier ways that the same information could be obtained:-

    https://xkcd.com/538/

    It is likely that these attacks may be attempted by government agencies looking to crack encryption operated by foreign powers. However, in the majority of the cases I've personally looked at, I see poorly-implemented surrounding controls. Issues include having passphrase data stored on a computer so that an application can decrypt traffic without human intervention, only to have that passphrase file left protected by nothing more than local file system permissions. Let's be honest, owning the file with root and setting permissions to rw-/---/--- aren't going to pose much of a problem to a determined attacker, are they?

    This is one of the fundamental issues with encryption: people believe that because they are using high strength key lengths that they are secure; no thought is given to local protection of critical data, to PRNG entropy, to side channel data.

    Too many people get blinded by, "Oh, it's OK, it's encrypted", when that means squat if the related safeguards are compromised...

    1. Re:Always Another Way... by epine · · Score: 1

      After only the thousandth trip down the rubber hose, $5 wrench, and single-ended extension cord & lavage basin aisle (special today-only if purchased together) I finally figured out that the core of this joke is actually narcissism.

      ***

      Two agents dressed in black are confronted with a hapless chump, yanked out of bed at 04:00, now seated securely in front of them in a creaky wooden chair (missing most of its seat bottom) in his Dr No. vs Dr Evil footie pyjamas, refusing to give up his password at least until they serve him a fair-trade, organic, single origin Ethiopian peaberry so he can properly recover his wits.

      Behind the observation screen.

      "Does he want it flown in fresh from Africa this very morning?"

      "I know some guys who could arrange to scramble a jet for a mere $12 large under the table."

      "Risky. I don't think he's gonna sit there quietly for four hours. Once he notices the damage we've done to his footie pyjamas, he's gonna Hulk-up and destroy the entire facility. Have we got a faster, less expensive option?"

      "For $240 we could scramble a hover-drone from Slacker's Choice. They've got one now that dangles a drogue-straw, completely hands-free."

      "Innovative. That can't just be for our benefit. There's got to be some cover."

      "Think I've got it figured. Like—here's a scenario—your dom gets a text message, then during the message storm—a natural dom always has to get the last word—leaves the room to get some munchies—"

      "—shitty dom who won't even stay in character when the phone rings—"

      "—no!—from his twisted point of view, it is in character—the sub has to suffer through all the crunching and spooning sounds while being ignored for some stupid text barrage—but, and here's the thing, the sub has this figured beforehand, and there's this iPhone app and the sub merely mumbles, or groans, or croaks the word "drogue" and the whole transaction is automatic, right down to geolocation of the right floor and window."

      "We can't even do that."

      "Which part? Bound-and-gagged speech recognition, or cell-based geolocation to a single window?"

      "Only a muffled 'yerrrg!' comes through one of my gags, and it always means the same thing. The window bit."

      "Yes, but we're just a single agency—a large, well funded agency with all the best toys—but even so, we can only stay a step ahead of the consumer flood up to a point."

      "Yeah, I know what you mean. They've got the two of us detailed to extract just one password from one chump in his footie pyjamas. That's got to be hard to scale. You can get yourself a $5 wrench just about anywhere, but they don't hand out these retinal-projection aviator glasses without a year of hard-core indoctrination."

      "Don't forget the three-hour semi-annual flutter."

      "Or peeing into a bottle after every stat."

      "Come to think of it, that can't be cheap, either."

      "Equip that $240 drogue with a parabolic antenna, we could soon be out of a job."

      "Ssssssh. Wipe that from your day log. Right now. If HQ clues into the economics of all this at scale, the glory days of hardware store expense accounts are over and done with."

      MIB #2 sets his neuralyzer to 15 s. There's a bright flash. In perfect synchrony, both pairs of aviator glasses negate, dump, and eschew 15 s of recorded history—and the workings of the astrobuck underworld are spared from economic insight, yet again.

      "So, what happened to the sub?"

      "Well, the dom comes back into the room and the sub is sipping fair-trade, organic, single origin Ethiopian peaberry from a hovering straw."

      "What about the gag?"

      "Trivial, my dear Watson. The drogue contains a flexible plastic liner which is threaded into one nostril, through the sinus, right onto the taste buds."

      "Without sneezing?"

      "High-tech plastic, with a special c

    2. Re:Always Another Way... by buck-yar · · Score: 1

      It's probably easier to gain someone's password by listening to their keyboard presses.

    3. Re:Always Another Way... by Qzukk · · Score: 1

      The wrench is unbeatable when you have a specific person in mind. Sure, there's probably less violent and, shall we say... satisfying ways of getting the information, but application of the wrench doesn't require any fancy analysis or much know-how at all.

      However, what if we wish to apply the wrench to every single person? That takes a lot of time and manpower. Even without the wrench, having someone take a look at the computer to see what is exploitable on it is a bit on the time consuming side, even if we automate the exploits by redirecting popular websites like slashdot.

      In that case, it's much cheaper to install microphones everywhere.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
  14. Man, this has to be a hoax by jones_supa · · Score: 2

    This can't possibly be real, or these guys are geniuses. Certainly the coil whine will change depending on the load of the machine. However, there's so much stuff happening in a CPU and the system bus that I find it extremely hard to believe that you could listen to any specific numbers. There's also all sorts of power filtering going on and there's decoupling capacitors on the chips.

    However, if this is real, then I assume that listening to network traffic would be doable as well.

    1. Re:Man, this has to be a hoax by Anonymous Coward · · Score: 0

      The trick is that this attack only works if the calculation is repeated multiple times.

    2. Re:Man, this has to be a hoax by yes-but-no · · Score: 1

      Seems a hoax; CPU processes using electrons; sound travel is mechanical. Air molecules vibrating can never carry the bandwidth of the coil-whine (whatever that is, I assume a disturbance in air surrounding the electro-magnetic changes inside the CPU). Is it April 1?

    3. Re:Man, this has to be a hoax by Anonymous Coward · · Score: 0

      On a special computer running nothing but this.

    4. Re:Man, this has to be a hoax by andrew71 · · Score: 1

      That's the first thing I thought myself. Actually, I looked for an April 1 timestamp.

      --
      13-4=54/6
    5. Re:Man, this has to be a hoax by swalve · · Score: 1

      It belongs in the bin with the "you can spy on someone's internet by recording the LEDs!" Nonsense.

    6. Re:Man, this has to be a hoax by swalve · · Score: 1

      (The LEDs on the modem. Dammit!)

    7. Re:Man, this has to be a hoax by jones_supa · · Score: 1

      I still find it very strange that it would work. A CPU can have millions of transistors changing state at any given moment, in an asynchronous out-of-order fashion. Add to that all the other components in a PC, bus talk, etc. Even if we got an accurate print of all of the digital chatter happening in a PC, it would be nearly impossible to derive anything specific from that. A power filtering coil is an even much more crude component. You can hear big changes like CPU/GPU frequency stepping, but that's all.

    8. Re:Man, this has to be a hoax by Anonymous Coward · · Score: 0

      With Windows calling or trying to call home all the time, systemd overtaking or trying to overtake Linux functions with every damn click and Apple updating their ToS almost every second, I find it pretty difficult to get reliable data at all, so yes, it's a hoax.

    9. Re:Man, this has to be a hoax by Anonymous Coward · · Score: 0

      It's not real and anyone who believes it is is an idiot. Yes, you're going to pick up, via audio, the electrons in my CPU which is doing 100 different things at any given millisecond in time and you're going to decode an RSA key.

      Jesus Fucking Christ. Give me a break.

      DURRRR! Seems legit!

    10. Re:Man, this has to be a hoax by Anonymous Coward · · Score: 0

      It's real and very doable. Here's a link to the presentation, skipping over the introductory material which you probably already know anyway. Different instructions emit a very different signal, and contrary to what is commonly thought, computers usually aren't all that busy, so when you're doing something that taxes the CPU, like encryption, that signal will be the main signal you pick up.
      The biggest challenge is that due to physical limitations you cannot really measure fast enough to obtain instruction traces from devices with current clock speeds. However, it turns out that all the operations strung together still produce recognisable patterned signals. In this case, these leak information about the primes and, ultimately (using a chosen cypher text attack) the private key used.
      At 16:00 is the actual part of the algorithm that gets exploited. It's a test that's executed inside some loops. The chosen cypher text will make the test predominantly come out one way or the other, depending on the key. The loops serve to ‘stretch’ the signal so it can be measured. At 17:00 is an image of the different situations. This attack is serious and practical enough that the GnuPG folks have decided to put in mitigations.

    11. Re:Man, this has to be a hoax by 110010001000 · · Score: 1

      Bullshit. Computers are always running millions of instructions per second. You cannot isolate "your instructions" by listening. You might be listening to known instructions in a loop, but that isn't realistic. Complete bullshit.

    12. Re:Man, this has to be a hoax by Anonymous Coward · · Score: 0

      So you neither watched the video nor read my comment. Using a chosen cypher text attack, it is possible to trick the cryptographic software into executing known instructions (or known sequences, anything with a recognisable audio signature will do) in a loop. Watch the video again, and pay special attention around the 16:00 mark.
      This issue is serious enough to get GnuPG's developers' attention; if you don't believe me you can look up CVE-2013-4576. Also, here's a Git commit with a (partial) fix. But you, self-styled cryptography expert, say it's a non-issue so I guess GnuPG's developers don't know what they're doing and should stop wasting their time.

    13. Re:Man, this has to be a hoax by Anonymous Coward · · Score: 0

      It works, and not just on a theoretical or "lab only" basis. Read the paper and the references cited therein. The mere existence of these attack vectors seems to invoke a sort of automatic defensive denial reaction in many people, which is understandable given the magnitude of the consequent "well fuck" factors involved, but denial doesn't uninvent things or stop nasty people (howdy, Director Comey!) from doing nasty things with said tools. -PCP

    14. Re:Man, this has to be a hoax by EndlessNameless · · Score: 1

      Someone obviously didn't read the article.

      The microphone listened while the system processed chosen ciphertext.

      It is necessary to interact with the server somehow while recording, as it must be decrypting specific data.

      This limits the scope of the attack significantly, but extremely resourceful organizations could probably manage it somehow.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    15. Re:Man, this has to be a hoax by jones_supa · · Score: 1

      Thanks for the information. That certainly changes the whole picture a bit.

  15. A good covert attack by Anonymous Coward · · Score: 4, Interesting

    Reminds me of a differential power analysis attack but that requires physical access to the machine. With this microphone attack you just need to know which type of machine it is and proceed in a completely covert manner.

    It always amazes me how inventive a determined attacker can be. On a defense project back in the 90's we had to keep our analog phones six feet away from CRTs to prevent monitor EMI from entering the phone line. That EMI could be analyzed by a third party to recreate the monitor's image.

    1. Re:A good covert attack by jones_supa · · Score: 1

      The scanning frequency of a CRT monitor is much higher than what a phone captures. There's no realistic way in which the other end could've recreated the picture.

    2. Re:A good covert attack by Shinobi · · Score: 1

      He's not talking about audio, he's talking about EM, which could indeed be snooped upon via induction in cables etc, even when you couldn't snoop in on the monitor directly.

  16. djb has talked about this for years by Anonymous Coward · · Score: 0

    Dan J. Bernstein has talked about the need for crypto to use constant time and no data-dependent branch assembly implementations to avoid this and other attacks for years.

  17. Consoles by Anonymous Coward · · Score: 0

    Don't understand why this hasn't been done yet with current gen consoles. Seems like getting the encryption keys this way would save a lot of time.

    1. Re:Consoles by Anonymous Coward · · Score: 0

      It all depends on how the hardware is designed... There are multiple ways to protect against these things, but protection against this does cost money so is therefore skipped in most PCs.

      Consoles / settop-boxes and other "high-risk" devices do get many of those protections implemented due to the risk of piracy.

  18. OK this just boggled my mind by JustNiz · · Score: 1

    How the hell do they isolate the key from all that is going on around it?

    1. Re:OK this just boggled my mind by avoisin · · Score: 2

      Looking for a pattern, that's why it takes an hour. You're looking for a pattern in the noise that repeats, then looking for subtle variations in the pattern to pick out the specific bits. There's a lot of other noise from other sources, but if you listen long enough, you know the length and frequency of the pattern you're looking for, you'll still be able to pick it out.

      This won't work as something that happens in a one off, and you still need the target machine to be compromised to be repeatably getting the pattern to be created in the first place. That said, it is still impressive, and it shows that the target algorithm needs more randomization, which is the fix that was mentioned. I do this in firmware that I write, I don't hide the private keys all in one variable, I have them cut apart in pieces so that you can't just read my firmware and try every contiguous 4,096 bit block and see if it's my private key.

    2. Re:OK this just boggled my mind by Anonymous Coward · · Score: 0

      Because they have a test system running only this over and over. It is inconceivable that this would work in the wild with a system running all sorts of other processes at the same time, while only doing this once.

    3. Re:OK this just boggled my mind by Anonymous Coward · · Score: 0

      Russians could do something like that, back in the '60s, from TeleTypes.
      They picked up electromagnetic noise from the TeleType and could transform it to the text the TeleType was printing... usually the encryption/decryption was done before the TeleType so they simply bypassed the whole encryption issue. It is, btw, described in Spycatcher.

    4. Re:OK this just boggled my mind by Anonymous Coward · · Score: 0

      These kinds of algorithms work by essentially aligning similar 'patches' of sound/information as well as you can, and if you can align them any better than random chance the sum will start to converge to a very exact measurement, with everything else becoming noise which gradually fades after many measurements.
      After that you (usually) use symmetries and other features of the calculation to allow the information you have to constrain the possible keys down to a number of keys you can practically check, ideally one obviously.

      The hard part is getting your summation of multiple sound patches to be better than chance, and that's why interspersing real calculations with random but similar calculations helps: it makes it harder to align the patches, until somebody figures out a better way of aligning and summing the now shorter sound patches.

  19. Effectively requires root by laughingskeptic · · Score: 1

    In order to obtain the laboratory effect of single threaded decryption of 4,096 approximately 1Mbit files in sequence you would have to be root and generally have all "messy" asynchronous processing such as interrupts from the network card disabled. This is a lab-only non-realistic attack. If you had that much control over the CPU you might as well just read the key out of the registers as it is used.

    1. Re:Effectively requires root by NoseyNick · · Score: 1

      Not true. See https://youtu.be/DU-HruI7Q30 as posted by someone else. If the machine was really busy doing other stuff, you'd have trouble, but if the machine is MOSTLY idle, apart from running GPG on your chosen cyphertexts, then occasional network interrupts and short-lived cronjobs and stuff won't be too much of a distraction. He even demonstrates that his machine is running something really short every second, doesn't matter, you can trick GPG into making your machine emit the tell-tale squeals for a decent fraction of a second, telling you about ONE bit of key. Repeat with carefully selected cyphertexts and you can extract 1 bit per second until you're done with a 4096-bit key in about an hour. The example in the video had GPG in Enigmail in Thunderbird decrypting your email on receipt. If you know enough about SSL you could fairly easily do this as a series of negotiations on any TLS port.

      --
      Nick Waterman, Sr Tech Director, #include <stddisclaimer>
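An added example, not part of the comment above and not GnuPG's code: the attack described depends on the sender choosing the value the private-key operation runs on, and RSA base blinding (one standard form of the "blinding" the summary mentions) removes that control. The toy key and function names are assumptions made for the illustration.

```python
import math
import secrets

# Constructed toy key (p=61, q=53), far too small for real use.
N, E, D = 3233, 17, 2753


def decrypt_plain(c):
    """Unblinded: the private exponentiation runs directly on the sender's value."""
    return pow(c, D, N), c          # (plaintext, value actually exponentiated)


def decrypt_blinded(c):
    """Base blinding: exponentiate c * r^e for a fresh random r, then unblind."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:     # r must be invertible mod N
            break
    blinded = (c * pow(r, E, N)) % N
    m_times_r = pow(blinded, D, N)  # (c * r^e)^d = m * r  (mod N)
    m = (m_times_r * pow(r, -1, N)) % N
    return m, blinded


def exponentiated_values(decrypt, c, runs=50):
    """Distinct inputs the private-key operation saw over repeated decryptions."""
    return {decrypt(c)[1] for _ in range(runs)}


if __name__ == "__main__":
    c = pow(65, E, N)               # constructed ciphertext for message 65
    print("plain  :", decrypt_plain(c)[0], len(exponentiated_values(decrypt_plain, c)))
    print("blinded:", decrypt_blinded(c)[0], len(exponentiated_values(decrypt_blinded, c)))
```

Without blinding, every repeat of the same ciphertext drives the same computation; with blinding the exponentiated value changes on each run, so a sender can no longer force a chosen intermediate value.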
  20. Irrelevant for PC. by Anonymous Coward · · Score: 0

    This is the well-known "modular exponent side-channel attack".
    Its idea is like this: we do exponentiation one bit of exponent at a time. If we meet 1, we do square and multiply. If we meet 0, we do just square.
    The catch is, square is /different/ than multiplication (twice faster in fact) and this algo difference has an impact on cpu power consumption.
    As a result, it's possible to extract some useful info about secret things like private keys just by watching how much power the cpu consumes.

    This thing is most relevant for smartcards, which keep private keys inextractable and have limited memory and computational power, so square vs multiply optimization is required.

    But it's hardly relevant for PCs, where all secrets live on its drives. You get the PC, you get the secrets. A PC also has multiple cores and plenty of memory. This allows the use of more sophisticated arithmetic optimizations which render this square vs multiply difference nearly harmless.

    IMHO journalists try to make FUD out of nothing.

  21. Video by nsaspook · · Score: 4, Informative
    --
    In GOD we trust, all others we monitor.
  22. How do they come up with this stuff by skovnymfe · · Score: 1

    How do they come up with this stuff? Seriously?

  23. Hey, look up it says 'gullible' on the ceiling! by Anonymous Coward · · Score: 0

    I think you would have to be an idiot with absolutely no understanding of how computers work to believe this is (practically) possible.

  24. Total bullshit? Yep. by Anonymous Coward · · Score: 0

    Pretty sure I heard something about this 20 years ago, in a movie.

    Of course it was total bullshit then. It's still total bullshit now.

    Like the old rumor you could listen to a dial-up modem connecting and learn someone's password. Of course, it's total crap.

    and not funny either.

    1. Re:Total bullshit? Yep. by Anonymous Coward · · Score: 0

      Except for the fact that they demonstrated it several times, yeah, it's total bullshit.

      And they published their methods so other researchers can duplicate or expand the work.

      And there is a body of published work exposing similar attacks against other algorithms.

      You are a knee-jerking denialist idiot.

    2. Re:Total bullshit? Yep. by Anonymous Coward · · Score: 0

      Yes. And cold fusion works because they did a paper on that, too. Can you point to someone other than these authors who has done this? No.. you can't? Yeah, thought so.

  25. Doesn't work!!! by floatpt · · Score: 1

    Now I can't access the drive at ALL!! I'm really hoping it comes back I have a lot of photos and music that aren't backed up. Also, the knocking is still there.

    --
    d-_-b
    1. Re: Doesn't work!!! by Anonymous Coward · · Score: 0

      Did you forget to put all the drill shavings back through the drill hole? They probably had precious data on them. How can the disk self repair if you threw out your own data?

    2. Re:Doesn't work!!! by JustAnotherOldGuy · · Score: 1

      Now I can't access the drive at ALL!! I'm really hoping it comes back I have a lot of photos and music that aren't backed up. Also, the knocking is still there.

      Just use more WD-40, a few more blasts ought to do it. Keep spraying until the knocking goes away.

      --
      Just cruising through this digital world at 33 1/3 rpm...
  26. Hacked? Not needed by phorm · · Score: 1

    I doubt the cellular phone even needs to be hacked. Half the people around you probably already have an app around that's already listening (but don't worry, they say they're not).

    1. Re:Hacked? Not needed by peawormsworth · · Score: 1

      an app.. that's already listening (but don't worry, they say they're not).

      Actually, they usually say they are listening. And reading your contact list and many other things they don't need. And most people click to accept whether they know or do not know what they are agreeing to.

  27. And yet... by Anonymous Coward · · Score: 0

    I still can't get Shazam to recognize this *&^@#*&^ song!