OFFICIAL SECURITY BLOG

Encryption is Loud and the Walls Have Ears

January 8, 2014 | BY

Seems like the interest in computer communication via sound is taking another peak in interest now that researchers discovered a way to decrypt RSA-4096 encryption just by listening.

In the white paper “RSA Key Extraction Via Low-Bandwidth Acoustic Cryptanalysis” by Daniel Genkin, Adi Shamir and Eran Tromer, the researchers explain how they can record the sound a processor makes while decrypting files and in turn, decipher the key.

The operation involves what is called a “Side-Channel Attack” and pretty much means attacking encryption/protection from outside of the normal parameters.

Take, for example,  instead of using a keycard to enter a building, you just walk in behind someone else using their credentials.

Man entering security code to unlock the door

The researchers explain how they use a sensitive microphone to listen to what sounds are made by electrical components (i.e. capacitors and coils), a process now called “Acoustic Cryptanalysis.”

After collecting enough data, the researchers were able to map exactly what type of sound were made with what type of encryption. They filtered out all the other noise and using a spectrometer and other special equipment and were able to derive the actual decryption key being used.

web_bit-extraction

Using a spectrometer and specialized software, it is possible to determine the key by collecting and analyzing individual bits.

The distance for this attack was tested at 13 feet using a high quality parabolic microphone (like the spies use!) and then at 12 inches with a simple smartphone.

Possible attack scenarios include hacked / infected smartphones that hide attack software to steal keys when the phone is placed next to a laptop, accessing a web page that uses the systems’ built-in microphone to listen in and steal private keys or just wander around with a high-powered microphone and see what kinds of keys you can grab.

So, how likely are you to be targeted and attacked with this new type of theft? Very unlikely, fortunately.

Currently, the technology requires an in-depth analysis of the actual encryption platform being used and it changes from user to user.

There exist numerous countermeasures including sound-dampeners, noise makers and changing around the way your system encrypts its files to make it less easy for an attacker to make something of your data.

web_classroom

An example of the distance between target and attacker, obviously having a giant microphone doesn’t do much for stealth

This type of attack may already be in use by some spy agencies around the world. Since it measures the sound or components on the system when it pulls in extra power for decryption (therefore it could also be done by doing analysis on the actual power pull by the system) it’s likely that someone is using it to read secret e-mails or decrypt previously stolen documents.

The researchers have already notified the creators of the encryption system they were able to break and will continue to do so if they decide to try and break other forms, so rest assured that this may be a problem we don’t have to worry about in the near future.

If you are curious about this particular attack, please read the paper linked to above or check out the Acoustic Cryptanalysis Wiki page for more info on the topic.

Thanks for reading and safe surfing! DFTBA!


  • Evan Teitelman

    The researchers have already notified the creators of the encryption system
    they were able to break and will continue to do so if they decide to try and
    break other forms

    The encryption system was GPG. GPG version
    1.4.16
    releases a fix for the vulnerability.

  • Adam Kujawa

    Thanks Evan! I am curious to find out what other systems are vulnerable.