Listen up: RSA keys snatched by recording CPU sounds with a phone
It sounds too preposterous for even James Bond: by placing a mobile phone next to a PC, researchers can “listen” to the faintest sound a CPU makes as it churns away on RSA-encoded content and extract the keys themselves.
Preposterous, except for the fact that Adi Shamir, one of the co-developers of the RSA encryption algorithm, co-wrote the paper that describes how to do it. Daniel Genkin and Eran Tromer were the other two authors.
“The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts,” the paper’s authors wrote. “We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.”
The authors were able to experimentally succeed with their method using either an ungainly, and extremely obvious, parabolic antenna from 4 meters away, or by using a generic mobile phone from just 30 centimeters away. Naturally, better listening equipment decreased the time to extract the RSA keys.
And it gets even worse: merely touching the PC also allowed an attacker to extract the keys by measuring the electric potential of the PC chassis. In this case, users who touched the PC (and surreptitiously measured their electric potential) should be able to extract the keys. And be persuading the victim to plug in either an innocuous-looking VGA or ethernet cable into his laptop, the attacker could measure the shield potential elsewhere and get the keys as well.
Typically, simply having physical access to a unsuspecting PC is enough for some security experts to throw up their hands and concede that the attacker has won. And that’s true, in this case, as well. But the paper’s authors demonstrated an “attack” running in a lecture hall, and suggested other plausible scenarios:
- Install an attack app on your phone. Set up a meeting with your victim, and during the meeting, place your phone on the desk next to the the victim’s laptop.
- Break into your victim’s phone, install your attack app, and wait until the victim inadvertently places his phone next to the target laptop.
- Construct a webpage, and use the microphone of the computer running the browser using Flash or another method. When the user permits the microphone access, use it to steal the user’s secret key.
- Put your stash of eavesdropping bugs and laser microphones to a new use.
- Send your server to a colocation facility, with a good microphone inside the box. Then acoustically extract keys from all nearby servers.
- Get near a protected machine, place a microphone next to its ventilation holes, and extract the secrets
The techniques the authors describe can be countered by sound dampening, but the white noise of a PC’s fan can be pretty easily filtered out. The researchers said that they supplied their attack vector to GnuPG developers before publication, let them develop revised code, and yet it was still vulnerable. The answer may lie in using software to try and obfuscate the audible sound emanations, they said.
In any case, the paper that Genkin, Shamir, and Tromer authored is seriously scary stuff, especially for business or government travelers carrying sensitive information outside the country as well as into and through strange hotels and conference rooms.