RSA Keys Snatched By Recording CPU Sounds with a Phone
Fri, December 20, 2013
PC World — It sounds too preposterous for even James Bond: by placing a mobile phone next to a PC, researchers can "listen" to the faintest sound a CPU makes as it churns away on RSA-encoded content and extract the keys themselves.
Preposterous, except for the fact that Adi Shamir, one of the co-developers of the RSA encryption algorithm, co-wrote the paper that describes how to do it. Daniel Genkin and Eran Tromer were the other two authors.
"The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts," the paper's authors wrote. "We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away."
The authors succeeded experimentally with their method using either an ungainly, and extremely obvious, parabolic antenna from 4 meters away, or a generic mobile phone from just 30 centimeters away. Naturally, better listening equipment decreased the time to extract the RSA keys.
And it gets even worse: merely touching the PC also allowed an attacker to extract the keys by measuring the electric potential of the PC chassis. In this case, users who touched the PC (and surreptitiously measured their electric potential) should be able to extract the keys. And by persuading the victim to plug an innocuous-looking VGA or Ethernet cable into his laptop, the attacker could measure the shield potential elsewhere and get the keys as well.
Typically, simply having physical access to an unsuspecting PC is enough for some security experts to throw up their hands and concede that the attacker has won. And that's true, in this case, as well. But the paper's authors demonstrated an "attack" running in a lecture hall, and suggested other plausible scenarios:
• Install an attack app on your phone. Set up a meeting with your victim, and during the meeting, place your phone on the desk next to the victim's laptop.
• Break into your victim's phone, install your attack app, and wait until the victim inadvertently places his phone next to the target laptop.
• Construct a webpage, and use the microphone of the computer running the browser using Flash or another method. When the user permits the microphone access, use it to steal the user's secret key.