Monday, December 19, 2011

Your Computer's Humming Can Give Away Encryption Keys

Ssshh. Listen. No, turn off the new Beyoncé first. That sound right there: the whirr of your computer computing. That’s hackable.
Researchers at Tel Aviv University say that listening to just those quiet vibrations of a CPU working can give away what the CPU is doing, what programs it’s running, and even the computer’s encryption key through a process called “acoustic cryptanalysis.”
Not to be confused with hard drives spinning up or down, or the fan turning on, the CPU produces a high pitched whine or hiss as it draws different amounts of power while it works. RSA signing and decryption—the encrypting algorithm commonly used by browsers to ensure secure data transfer, among other things—can be recognized by the sounds the CPU makes, and the RSA key can be recovered, bit by bit, just by listening to the CPU loops run.
Within an hour, the so-called “key extraction attack” was able extract full 4096-bit RSA decryption keys from laptops. Even more disconcertingly, the researchers were able to demonstrate that this was doable with just a smartphone set right next to the computer and from over 13 feet away with a sensitive microphone.

Just that far away via
Before you vow to pump Beyoncé always and forever—for security reasons, you’ll tell coworkers—understand that these were still very controlled circumstances. To crack an RSA-encrypted email client, the researchers had to send a series of a thousand carefully crafted encrypted emails to the client, which had to decrypt them all automatically without opening them, and they had to “hear” the decryption clearly enough to know which email to send next.
Still, if you’d like something new to worry about, the researchers laid out some “attack scenarios” and did so using the second-person, which is awesome. “Install an attack app on your phone. Set up a meeting with your victim, and during the meeting, place your phone on the desk next to the victim's laptop,” goes one, that makes “you” sound like an evil genius. “Send your server to a colocation facility, with a good microphone inside the box. Then acoustically extract keys from all nearby servers,” which sounds way more like the Trojan horse than some malware. And the best: “Put your stash of eavesdropping bugs and laser microphones to a new use.”
While the latest GnuPG privacy guard is supposed to patched to defend against key extraction attacks, the researchers also demonstrated that decryption can bring out other unconscious utterances from laptops, including the amount of electricity they draw from the wall or that course through them. Still, it's far from being something to worry about. Hopefully, it won't ever be: as the encryption arms race speeds up, research like this can help engineers and developers plug up holes before thy're put to use.