Hey, is that a parabolic antenna in your pocket or are you just happy to see my laptop?
This is some scary stuff....for all of us. It is now possible to extract your encryption keys using a cellphone, antenna and some
other ways like simply touching your machine or attaching a cable. The sounds eminating from your computer gives away
your encrytion while your computer is decrypting data.
See how it's done: RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysisdt@infootnoteThe authors thank Lev Pachmanov for programming and experiment support during the course of this research.dt@infootnote - acoustic-20131218.pdf
............the paper’s authors demonstrated an “attack” running in a lecture hall, and suggested other plausible scenarios:
- Install an attack app on your phone. Set up a meeting with your victim, and during the meeting, place your phone on the desk next to the the victim’s laptop.
- Break into your victim’s phone, install your attack app, and wait until the victim inadvertently places his phone next to the target laptop.
- Construct a webpage, and use the microphone of the computer running the browser using Flash or another method. When the user permits the microphone access, use it to steal the user’s secret key.
- Put your stash of eavesdropping bugs and laser microphones to a new use.
- Send your server to a colocation facility, with a good microphone inside the box. Then acoustically extract keys from all nearby servers.
- Get near a protected machine, place a microphone next to its ventilation holes, and extract the secrets
The techniques the authors describe can be countered by sound dampening, but the white noise of a PC’s fan can be pretty easily filtered out. The researchers said that they supplied their attack vector to GnuPG developers before publication, let them develop revised code, and yet it was still vulnerable. The answer may lie in using software to try and obfuscate the audible sound emanations, they said...................
Wonder if this could be used somehow to end the ransomware malware attacks.....
Edited by buddy215, 20 December 2013 - 07:30 AM.