Security researchers released a report that documents how they are able to capture cryptographic keys by monitoring the sounds a computer makes when displaying an encrypted message.
“The acoustic signal of interest is generated by vibration of electronic components (capacitors and coils) in the voltage regulation circuit, as it struggles to maintain a constant voltage to the CPU despite the large fluctuations in power consumption caused by different patterns of CPU operations,” the researchers wrote.
The team has already used the technique to capture the 4096-bit RSA key employed by open source GNU Privacy Guard to decrypt emails using the OpenPGP standard, and the sounds used to crack the encryption can be detected in some cases with an ordinary smartphone.
“We devise and demonstrate a key extraction attack that can reveal 4096-bit RSA secret keys when used by GnuPG running on a laptop computer within an hour by analyzing the sound generated by the computer during decryption of chosen ciphertexts,” the researchers said.
“We demonstrate the attack on various targets and by various methods, including the internal microphone of a plain mobile phone placed next to the computer and using a sensitive microphone from a distance of four meters (a little more than 13 feet).”
For the technique to be successful, the attacker must have knowledge of the target’s public key, and would need to be in close proximity to the targeted system as it decrypts the message in order to capture the systems emanations.
“For example, in a meeting, the attacker could innocuously place his phone on the desk next to the target laptop and obtain the key by meeting’s end. Similar observations apply to other mobile devices with built-in microphones, such as tablets and laptops,” the researchers supposed.
A stable GnuPG release is available that mitigates the attack technique, but other applications may still be vulnerable.
Categories: Top Security Stories