RSA Keys Can Be Harvested With Microphones

Researchers have now demonstrated that even with modern laptop, desktop, and server computers, an inexpensive attack can harvest 4,096-bit encryption keys using a parabolic microphone within 33 feet -- or even from 12 inches away, using a cellphone microphone. An anonymous reader quotes this article from The Register: In both cases it took an hour of listening to get the 4,096-bit RSA key... As a computer's processor churns through the encryption calculations, the machine emits a high-frequency "coil whine" from the changing electrical current flowing through its components... The team recommends encryption software writers build in "blinding" routines that insert dummy calculations into cryptographic operations. After discussions with the team, GNU Privacy Guard now does this.

Old news

[NotInHere]

How is this not a reiteration of this old attack from 2014: http://www.tau.ac.il/~tromer/h...

Re:Car analogy please

[Opportunist]

What happens in such attacks is that there are different calculation paths for different results, and by "watching" (or in this case, listening to) the CPU perform, you can tell what calculation paths it took and determine from this what input it used.

A vague analogy would be that the CPU is giving off long and short beeps, and by listening to them and noticing when and how long it beeps you can assemble something akin to a Morse alphabet.

Re:Car analogy please

[michelcolman]

If you listen to a car going round a race track, the tire noise, engine rpms and gear shifts, all of that together could give you a pretty good idea of the length of the straights, the intensity of the curves, and the smoothness of the road surface in various places. Listen to enough cars, and you may be able to reconstruct the entire track.

The cpu is the race car, the track is the RSA algorithm for that specific key.

Video

[nsaspook]

https://youtu.be/DU-HruI7Q30