Researchers crack the world’s toughest encryption with microphone

anvilfour

Acoustic cryptanalysis is nothing new, nor is this story but it's certainly interesting:

Security researchers have successfully broken one of the most secure encryption algorithms, 4096-bit RSA, by listening — yes, with a microphone — to a computer as it decrypts some encrypted data. The attack is fairly simple and can be carried out with rudimentary hardware. The repercussions for the average computer user are minimal, but if you’re a secret agent, power user, or some other kind of encryption-using miscreant, you may want to reach for the Rammstein when decrypting your data.

Read more : http://www.extremetech.com/extreme/173108-researchers-crack-the-worlds-toughest-encryption-by-listening-to-the-tiny-sounds-made-by-your-computers-cpu

Full paper : http://rd.springer.com/chapter/10.1007%2F978-3-662-44371-2_25

anvilfour

It's very powerful to think that this was done with a mobile phone just 30cm away from the laptop in question.

This only applies to someone using GnuPG but the implications of this are staggering!

A few suggestions on how to stop this from happening:

- Use a hardware token i.e 2FA to unlock your machine / encrypt your e-mails.

- Play some white noise or music when putting your password in.

- Remove everything with a microphone!

manjosh

So is it that every stroke on a keyboard as it own specific tone?. Because i think that is the only possible explaination.

anvilfour

manjosh wrote: »

So is it that every stroke on a keyboard as it own specific tone?. Because i think that is the only possible explaination.

So it would seem! Apparently also minute sounds made by the CPU can be detected too.. I haven't read the full paper but it seems even a relatively low cost microphone can detect these sounds - that said if you use two factor authentication, you needn't worry too much!