Slashdot Mirror

← Back to Stories (view on slashdot.org)

RSA Keys Can Be Harvested With Microphones (theregister.co.uk)

Posted by EditorDavid on from the sound-of-your-keys dept.

Researchers have now demonstrated that even with modern laptop, desktop, and server computers, an inexpensive attack can harvest 4,096-bit encryption keys using a parabolic microphone within 33 feet -- or even from 12 inches away, using a cellphone microphone. An anonymous reader quotes this article from The Register: In both cases it took an hour of listening to get the 4,096-bit RSA key... As a computer's processor churns through the encryption calculations, the machine emits a high-frequency "coil whine" from the changing electrical current flowing through its components... The team recommends encryption software writers build in "blinding" routines that insert dummy calculations into cryptographic operations. After discussions with the team, GNU Privacy Guard now does this.

4 of 157 comments (clear)

  1. Re:Get a stronger PSU by geekmux · · Score: 5, Insightful

    33 feet which is 10 meters, easy to spot, hardly "low key" (ehm) eves dropping. I would imagine the eves dropper would get a bloody nose before getting to the door...

    I'll remember you said that when you discover that "innocent" cell phone charger sitting in the corner of your office is actually a microphone with a 64GB microSD card and SIM card inside, dumping a day's worth of key listening across a covert channel, to include your voice conversations.

    Or perhaps the device listening will be your cell phone itself. After all, those never get hacked.

    Perhaps you should start considering the fact that it's hardly a human sitting in the room listening to high-frequency whine, nor does it need to be. Good luck with your bloody nose defense.

  2. Car analogy please by wonkey_monkey · · Score: 4, Insightful

    Can someone explain, vaguely, possibly with a car analogy, how they go about determining keys with coil whine? Is it because the same calculations are made over and over as it churns through data encrypting/decrypting it, so after listening long enough some kind of clues can be gathered about what bytes are in the key? I mean, I assume it's not as a simple as listening and going "Ooh, 14.5Khz, that's 0xBE."

    --
    systemd is Roko's Basilisk.
  3. Re:Get a stronger PSU by PPH · · Score: 4, Insightful

    Stronger PSU -> Bigger coils. It's the coil core that whines due to magnetostriction.

    A laptop won't be of much help. There are a number of buck-boost voltage converters on the motherboard that provide all the different voltage levels needed by the CPU, memory, logic, etc. They use switch mode topologies, which incorporate coils. The alternative, linear regulators, produce a lot of heat due to inefficiency. So laptops are likely going to be better targets.

    --
    Have gnu, will travel.
  4. Re:Baloney by Antique+Geekmeister · · Score: 4, Insightful

    There is a great deal of "carefully selected hardware" in the world, especially in secure civilian and military installations, equipment which could present a broad and lucrative attack surface to such tools. And a good security vulnerability report is also much like a good scientific experiment: enough detail is included to allow clear repetition of the attack, without accidental disparities in the testing conditions obscuring the results.