Researchers crack the worlds toughest encryption by listening to the sounds made by your cpu

By Lovell
in Back Page News

 Share

Recommended Posts

Veteran

Lovell

Posted
Posted

Researchers crack the world?s toughest encryption by listening to the tiny sounds made by your computer?s CPU

 

 

Security researchers have successfully broken one of the most secure encryption algorithms, 4096-bit RSA, by listening ? yes, with a microphone ? to a computer as it decrypts some encrypted data. The attack is fairly simple and can be carried out with rudimentary hardware. The repercussions for the average computer user are minimal, but if you?re a secret agent, power user, or some other kind of encryption-using miscreant, you may want to reach for the Rammstein when decrypting your data.

 

http://www.extremetech.com/extreme/173108-researchers-crack-the-worlds-toughest-encryption-by-listening-to-the-tiny-sounds-made-by-your-computers-cpu

Link to comment
Share on other sites
Grand Master

neufuse Veteran

Posted
  • Veteran
Posted

this would be VERY hard to do with CPU's running lots of cores... because each one would be doing multiple tasks at once and each would generate its own sound at the same time... you'd somehow have to demux it and know which sound came from what core at the time....*head starting to hurt from the math behind this*

Link to comment
Share on other sites
Mentor

snaphat (Myles Landwehr) Member

Posted
  • Member
Posted

this would be VERY hard to do with CPU's running lots of cores... because each one would be doing multiple tasks at once and each would generate its own sound at the same time... you'd somehow have to demux it and know which sound came from what core at the time....*head starting to hurt from the math behind this*

 

It'd be difficult to do with any sort of noise -- I'd imagine preemptive scheduling & varying load would work just as well on a single core as a multicore in throwing this off.   It also requires a baseline to be built using an existing known encryption key so it isn't like you could just walk up with a listening device and side channel attack the computer to figure out encryption keys. You'd have to social engineer the user into doing something for you first and then identify the precise moment to build the baseline for the cpu.

 

And at that point, whoever it is is just going to be beat you with a club and you will cough up the passphase through threats of violence and death instead :rofl:...

Link to comment
Share on other sites
Grand Master

vcfan

Posted
Posted

same concept as differential power/electromagnetic analysis, but it isn't practical in the real world. secure smartcards and microchips from even a decade ago,  run on an internal clock,and give off dummy clock/instruction cycles to combat this very type of attack, meaning even if you took a million samples with identical instructions or at the exact same clock, they will all differ, making this type of attack impossible to accomplish.

  • snaphat (Myles Landwehr)
  • Like 1
Link to comment
Share on other sites
Grand Master

Raa

Posted
Posted

That's insane!

I read an article a few years back that said someone could find out what you're downloading by timing the difference between the network and hard drive light flashes... I thought that was crazy too. :|

Link to comment
Share on other sites
Mentor

snaphat (Myles Landwehr) Member

Posted
  • Member
Posted

That's insane!

I read an article a few years back that said someone could find out what you're downloading by timing the difference between the network and hard drive light flashes... I thought that was crazy too. :|

 

They can because if the light is flashing then it is pron being downloaded. Otherwise it isn't flashing...  :rolleyes:

  • Raa and Praetor
  • Like 2
Link to comment
Share on other sites
Grand Master

The_Decryptor Veteran

Posted
  • Veteran
Posted

As interesting as this attack is, it isn't "broken" in any sense of the term.

It's a side channel attack, but instead of timing the time taken to decode a block or the power draw by the CPU, they're just listening to mechanical stresses.

Link to comment
Share on other sites
Veteran

rfirth

Posted
Posted

only if it's implemented perfectly, which it often is not.

 

As long as you don't do something stupid.

 

No, that's not the drawback. The real drawback is that it requires a 'pad' the same size as the data you wish to encrypt/decrypt, and both parties must have the same pad. But it's the (classical) basis of quantum cryptography.

Link to comment
Share on other sites
Proficient

srbeen

Posted
Posted

where the hell did they find a smartphone with a mic sensitive enough to be able to pickup 150khz sound waves and be able to process them. I want that smartphone! :p

 

Ultrasonic mics. I'm assuming they wrote a program on the phone, then 'tricked' it into using a headset for recording so it'd use the ultrasonic mic to prove a point.

Link to comment
Share on other sites
  • 3 weeks later...
Grand Master

LittleNeutrino Veteran

Posted
  • Veteran
Posted

i would have never thought to try to break it that way. props to the person that came up with the idea.

Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.