Acoustic Cryptanalysis: Extracting RSA Key From GnuPG by capturing Computer Sound

' RSA Key Extraction via
Low-Bandwidth Acoustic
Cryptanalysis', is an
interesting paper recently
published by Three Israeli
Security Researchers at
Tel Aviv University.
They claimed that, they
have successfully broken
one of the most secure
encryption algorithms,
4096-bit RSA , just by
capturing Computer's CPU
Sound while it runs
decryption routines.
Daniel Genkin, Adi Shamir
(who co-invented RSA),
and Eran Tromer , uses a
side channel attack and
through a process called
“ acoustic cryptanalysis ”,
they successfully extracted
4096-bit RSA key From
GnuPG.
The paper specifies some
possible implementations
of this attack. Some email-
client softwares i.e.
Enigmail can automatically
decrypt incoming e-mail
(for notification purposes)
using GnuPG. An attacker
can e-mail suitably-crafted
messages to the victims,
wait until they reach the
target computer, and
observe the acoustic
signature of their
decryption, thereby closing
the adaptive attack loop.
The security researchers
listen to the high-pitched
(10 to 150 KHz) sounds
produced by your
computer as it decrypts
data and warned that a
variety of other
applications are also
susceptible to the same
acoustic cryptanalysis
attack.
Here in the above picture,
a mobile phone (Samsung
Note II) is placed 30 cm
(nearly 12 inches) from a
target laptop. The phone’s
internal microphone points
toward the laptop’s fan
vents. Full key extraction is
possible in this
configuration and
distance.
They have notified GnuPG
about the vulnerability and
If you want to keep your
data secure, please follow
recommended countermeasures:
GnuPG team has
developed a patch for the
vulnerability to defend
against key extraction
attacks and released
GnuPG 1.4.16 .
Categories: Acoustic Cryptanalysis ,
Decryption , Email Hacking , Encryption ,
Extract Keys , GnuPG , Hacking News ,
RSA Keys , Side Channel Attack , Voice
Signal , Vulnerability
Latest News
World’s largest Bitcoin Poker website
hacked, 42000 user passwords leaked
Acoustic Cryptanalysis: Extracting RSA
Key From GnuPG by capturing Computer
Sound
Your MacBook Camera could Spy on
You without lighting up the warning light
40 Million Credit Card accounts
affected in massive data breach at
'Target' Stores during Black Friday
Researchers spotted 'Chewbacca', a
new Tor-based Banking Trojan
Judge Ruled - NSA Telephone
Metadata Collection violates the Fourth
Amendment
Russian hackers stole Personal details
of 54 million Turkish Citizens
BIOS Malware that can remotely
destroy any computer, NSA claimed
The Evolution of Cyber Threat;
Interview with IntelCrawler's Researchers
Hacker demonstrated 'Remote Code
Execution' vulnerability on EBay website
You might also like
Comments
About THN | Technology News | Authors
and Contributors |Submit News |Privacy
Policy | Contact
294 453 Like
" We experimentally demonstrate that such
attacks can be carried out, using either a
plain mobile phone placed next to the
computer, or a more sensitive