Think twice when you say "it shouldn't matter"

Posted by: MangoMonkey on 21 August 2014

http://www.cs.tau.ac.il/~tromer/acoustic/

 

"Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer, and in particular leak sensitive information about security-related computations. In a preliminary presentation (Eurocrypt’04 rump session), we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was that the acoustic side channel has a very low bandwidth (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.

In this talk we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG’s current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts."

 

A better PSU for your PC is in order. For Security.

 

Posted on: 22 August 2014 by hafler3o

I was charging my iPad Mini when I wrote this reply so you knew what I thought before I hit 'post'. 

 

So this is what a combination of swollen Defence budgets and 'unscrupulous and underemployed' scientists come up with. Next stop, "homeopathic prayer" white paper?

Posted on: 22 August 2014 by MangoMonkey

Folks having fun and getting paid for it.  :-)

Posted on: 22 August 2014 by Kevin-W
Originally Posted by Char Wallah:

Mango, what are you on?

I've asked the same question, many times. Actually I wouldn't mind a bit of it myself.

Posted on: 22 August 2014 by MangoMonkey

Oops. Wrong audience, I guess.  Simon might appreciate the link.

 

"A better PSU for your PC is in order. For Security." was obviously a joke. Ok, maybe not so obvious for some folks here.

Posted on: 22 August 2014 by Kevin-W
Originally Posted by Char Wallah:

Poor Mango. 

Self-inflicted injuries perhaps?

Posted on: 22 August 2014 by MangoMonkey

Now, Now..

 

Posted on: 22 August 2014 by Kevin-W

Posted on: 22 August 2014 by Hook

Good post MM.  Perhaps there are benefits (beyond visual esthetics) to removing computers from listening rooms.  But the privacy concerns are also interesting.

 

Reminds me of similar tech news report from a few weeks ago, where scientists used regular objects as visual microphones. They were able to re-create audio from silent high def video recordings by analyzing the microscopic movements on the surface of a leaf or a bag of crisps.

 

I used to think that personal privacy required living "off the grid".  But now I realize, even if I did live on my own somewhere out in the wilderness, a nearby plant could still be eavesdropping! 

 

ATB.

 

Hook