Wow... just.... wow.



  • Impressive.

    Security researchers have successfully broken one of the most secure encryption algorithms, 4096-bit RSA, by listening – yes, with a microphone — to a computer as it decrypts some encrypted data.


  •  I used to think squeaky CPU was just an annoyance of old or poorly grounded hardware, but now it's also a security breach!



  • The solution is simple. One has to insulate the computer. Most computers come with plenty of holes in them, supposedly to allow fresh air in and warm air out. I call bogus. The NSA is behind the whole thing. They just want to listen to our keys!



  • A few details are wrong: you can't pick up sounds up to 150kHz with a smartphone, and playing music will only mask until 18kHz or so.



  • @TGV said:

    you can't pick up sounds up to 150kHz with a smartphone,
    It takes very specialized (i.e., expensive) equipment for anything above 20khz.

    You're certainly not going to do it with a phone or any standard off-the-shelf microphone. The best microphones available, costing $10,000 or more, can only pick up frequencies up to 20khz.



  • @El_Heffe said:

    @TGV said:

    you can't pick up sounds up to 150kHz with a smartphone,
    It takes very specialized (i.e., expensive) equipment for anything above 20khz.

    You're certainly not going to do it with a phone or any standard off-the-shelf microphone. The best microphones available, costing $10,000 or more, can only pick up frequencies up to 20khz.

    That's if you want Hi-Fi. For this application, I don't think you care much about distortions and non-linearity.



  •  This is *NOT* news...there have been similar cases (gathering sensitive information by listening to computers) dating back to the late 1970's [possibly earlier]



  • @Planar said:

    That's if you want Hi-Fi. For this application, I don't think you care much about distortions and non-linearity.

    Well... most audio equipment quickly drops off after 20kHz, and a mobile phone mic probably earlier. After all, speech is redundant beyond 3kHz. 150kHz is 3 octaves beyond normal operating range. And a mobile phone will not have a 300kHz ADC on board to digitize that sound. So, it makes me suspect that the inference that you can crack the key with a normal smartphone next to the computer is not completely accurate.

     



  • @TheCPUWizard said:

     This is NOT news...there have been similar cases (gathering sensitive information by listening to computers) dating back to the late 1970's [possibly earlier]

    Sorry. First time I saw it. You goddam technology hipster.


  • Considered Harmful

    Cryptonomicon features side-channels (like this one) as a major plot point, and explains several cryptography and cryptanalysis techniques in terms a layman can understand. Stephenson consulted with Bruce Schneier, so the security material is fairly accurate. It even contains a method of encrypting a message in a deck of playing cards with no other tools necessary. It also manages to be fairly entertaining - strongly recommend.



  • Like I said before, information always finds a way through. The paper also describes the same attack done via power consumption and chassis potential (the "magic touch" attack, since you can do it by just touching the computer with one finger). And I seem to recall reading something a long time ago about data leaking through the LED indicator lights of routers.

    The most universal solution to side-channel attacks seems to be randomizing the computations (changing the order and doing extra operations) in order to confuse people "watching" your CPU activity. Either that, or completely isolating the computers with thick layers of concrete, metal, and insulation foam.



  • @TGV said:

     So, it makes me suspect that the inference that you can crack the key with a normal smartphone next to the computer is not completely accurate.

     

     

    You should read Q3 and its answer at the author's paper summary page: http://www.cs.tau.ac.il/~tromer/acoustic/

     



  • @anonymous234 said:

    Like I said before, information always finds a way through. The paper also describes the same attack done via power consumption and chassis potential (the "magic touch" attack, since you can do it by just touching the computer with one finger). And I seem to recall reading something a long time ago about data leaking through the LED indicator lights of routers.

    The most universal solution to side-channel attacks seems to be randomizing the computations (changing the order and doing extra operations) in order to confuse people "watching" your CPU activity. Either that, or completely isolating the computers with thick layers of concrete, metal, and insulation foam.

     

    Yet, sound is not a side channel (unless it's the fan sound), computers have hardware explicitly designed for emitting and receiving it, thus randomizing the order of instructions will have no benefit. Also, you forgot to make your computer run on batteries, and ice somewhere, so you won't leak heat.

     Anyway, for anybody complaining that computers can't emit or receive anything over 20kHz, and what about sound under 20Hz? Some distortion is acceptable, one does not need much bandwidth for transmitting a 4kb key.

     



  • @martijntje said:

    The solution is simple. One has to insulate the computer. Most computers come with plenty of holes in them, supposedly to allow fresh air in and warm air out. I call bogus. The NSA is behind the whole thing. They just want to listen to our keys!
    I call shenanigans on your bogus. Since when has the government ever given evidence that they listen to anything we say?


  • Trolleybus Mechanic

    @da Doctah said:

    I call shenanigans on your bogus. Since when has the government ever given evidence that they listen to anything we say?

    They don't.

    its tru we don't



  • @Mcoder said:

    one does not need much bandwidth for transmitting a 4kb key.

    Time for us web devs to step in and show you how it's done. First, get a client, then do your best to minify that key with 30 other keys and pack in 15 webfonts that are only used once, then toss a 500KB PNG image on top of the pile because the client reaaaaally wants an alpha channel drop shadow but claims they also want IE8 support so they can't use a canvas to do it. The 3-7MB of bloat should keep every crypto breaking mechanism busy until quantum computers.



  • @spamcourt said:

    You should read Q3 and its answer at the author's paper summary page: http://www.cs.tau.ac.il/~tromer/acoustic/
    Thanks!

     



  • @Mcoder said:

    Yet, sound is not side channel (unless it's the fan sound),

    Or, as in this case, the noise of the voltage regulator ramping up and down according to the CPU's level of activity, so yes, it is a side-channel.

    @Mcoder said:

    computers have hardware explicitly designed for emitting and receiving it, thus randomizing the order of instructions will have no benefit. Also, you forgot to make your computer run on batteries, and ice somewhere, so you won't leak heat.

     Anyway, for anybody complaining that computers can't emit or receive anything over 20kHz, and what about sound under 20Hz? Some distortion is acceptable, one does not need much bandwidth for transmitting a 4kb key.

    The computer's sound card has nothing to do with this.  You appear to be imagining some kind of malware on the machine that is leaking info through the sound card.  The attack being discussed is nothing like that at all.  I think you did not read the linked article.




  • @DaveK said:

    The computer's sound card has nothing to do with this. 
     

    I don't see mcoder mentioning or implying the sound card anywhere.



  • @dhromed said:

    @DaveK said:

    The computer's sound card has nothing to do with this. 
     

    I don't see mcoder mentioning or implying the sound card anywhere.

     

    What do you call "computers have hardware explicitly designed for emitting and receiving it," (where "it" refers to sound!)....



  • @TheCPUWizard said:

    What do you call "computers have hardware explicitly designed for emitting and receiving it," (where "it" refers to sound!)....
     

    Indeed. My own understanding blinded me to his faulty sarcastic roundabout description.



  • The crypto suite they attacked was GnuPG, which only goes to show you can't expect those useless fucking hippie FOSStards to get anything right... oh, wait.



  • @TGV said:

    So, it makes me suspect that the inference that you can crack the key with a normal smartphone next to the computer is not completely accurate.
    That's not an inference, that's an experimentally verified result. Read the paper.



  • @martijntje said:

    The solution is simple. One has to insulate the computer. Most computers come with plenty of holes in them, supposedly to allow fresh air in and warm air out.
    Do we have to use the Cone of Silence?



  • @El_Heffe said:

    @TGV said:

    you can't pick up sounds up to 150kHz with a smartphone,
    It takes very specialized (i.e., expensive) equipment for anything above 20khz.

    You're certainly not going to do it with a phone or any standard off-the-shelf microphone. The best microphones available, costing $10,000 or more, can only pick up frequencies up to 20khz.

    Wrong. Those microphones cost that much because they counter distortion and unwanted noises. High frequency microphones are not that expensive.

    I should know, some of the Physics experiments for my pupils call for Ultrasound measurements - and while the equipment is not cheap, it didn't pass the 1,000€ mark either. You can get such microphones for about 500€. Although you'll need some additional equipment as well, such as amplifiers and a proper DSP (and that is usually the really expensive part).



  • @Rhywden said:

    Although you'll need some additional equipment as well, such as amplifiers and a proper DSP (and that is usually the really expensive part).

    And the DSP can be largely eliminated if you don't need "real time" analysis. IF the raw data can be just digitized and recorded, then the analysis can be run (much much slower) on a general purpose PC...



  •  I encrypt my data with flatulence.  Just wait until they get a load of that!



  • Put a microphone into a co-located server, slot it into a rack in a data center, and then scoop up the encryption keys from hundreds of nearby servers.

    Have these people never been inside a data center before? What kind of SNR are they expecting to get exactly? You can't even hear a juicy fart if you're standing next to a typical rack.



  • On my old Commodore 64 I could tell if the machine was about to crash from the change in whine of the CPU. (only 1 MHz so it didn't take long loops to make it audible) At my first job, the coworker in the adjacent cubicle had some beast of a Dell running NT 4.0, and I could easily tell whenever they were scrolling a window.



  • Security researchers have successfully broken one of the most secure encryption algorithms, 4096-bit RSA
     

    No, they have broken an encryption process. If they had broken the algorithm, they wouldn't have to use a microphone.


  • Discourse touched me in a no-no place

    @levbor said:

    No, they have broken an encryption process. If they had broken the algorithm, they wouldn't have to use a microphone.
    It also requires a special plaintext (the technique relies on the software handling zeroes specially) and a reasonably quiet environment (to keep the noise floor down). Awkward, but not impossible on client systems.
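
Added example (not part of any post in this thread, and not GnuPG's code): RSA ciphertext blinding is one standard form of the "randomizing the computations" idea raised earlier, and it also removes the sender's control over the input that the post above says the technique needs. The key is a constructed toy key built from two Mersenne primes, and all function names are illustrative.

```python
import math
import secrets

# Constructed toy key for illustration only: two known Mersenne primes.
# Real keys use randomly generated primes of 1024+ bits each.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def decrypt_plain(c):
    """Textbook RSA: the private-key exponentiation runs on exactly
    the value the sender chose, so its behaviour is input-dependent
    in a way the sender can steer."""
    return pow(c, D, N)


def blind(c):
    """Return (c * r^E mod N, r) for a fresh random r invertible mod N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (c * pow(r, E, N)) % N, r


def decrypt_blinded(c):
    """Same result as decrypt_plain, but the private-key operation
    only ever sees a value randomized per call."""
    c_blind, r = blind(c)
    m_blind = pow(c_blind, D, N)          # equals m * r mod N
    return (m_blind * pow(r, -1, N)) % N  # strip the blinding factor


def exponentiation_inputs(c, runs=5):
    """Values actually fed to the private-key step across repeated
    decryptions of the same ciphertext."""
    return [blind(c)[0] for _ in range(runs)]


if __name__ == "__main__":
    m = 123456789                      # constructed sample message
    c = pow(m, E, N)
    print(decrypt_plain(c) == m, decrypt_blinded(c) == m)
    print(len(set(exponentiation_inputs(c))), "distinct inputs for one ciphertext")
```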



  • @OfficeMigrant said:

    On my old Commodore 64 I could tell if the machine was about to crash from the change in whine of the CPU. (only 1 MHz so it didn't take long loops to make it audible)
    I could hear when RAM was used intensively on my (father's) 286.

    @OfficeMigrant said:

    At my first job, the coworker in the adjacent cubicle had some beast of a Dell running NT 4.0, and I could easily tell whenever they were scrolling a window.
    That worked on my 486 with Windows 95 as well. S3 card?

