Computer Sounds Give Up Secret Information
Once again proving that real life is stranger than fiction, a group of Israeli security researchers have figured out how to pull off possibly the coolest hack in the past several years: extracting complex encryption keys via sound waves.
When computers are at work, the vibrations in their various components create noise, though usually that noise is too quiet or too high-pitched for the human ear to distinguish.
These sounds can be recorded with the microphone of an average cellphone placed near a computer, and they can reveal extraordinary amounts of information about what the computer is doing when it makes them.
For example, the sounds made when a common security program called GnuPG decrypts messages encoded with a 4096-bit RSA key could be used to determine that encryption key within an hour.
The attack is called "acoustic cryptanalysis," and it opens the door for some serious spy-thriller-level hacking.
Encryption keys work similarly to passwords in that they "unlock" messages that have been mathematically scrambled using an encryption algorithm.
A 4096-bit RSA key is a string of 4,096 ones and zeroes that unlocks a message encrypted with the Rivest-Shamir-Adleman (RSA) algorithm. Anyone who possesses an encryption key can read all messages secured with that key.
There is one catch, however — the text being decrypted during the recording process has to follow a certain mathematical pattern in order to create all the necessary patterns for determining the encryption key.
However, the researchers — who include Adi Shamir, the "S" in RSA — say in their paper that an attacker could easily craft unsuspicious-looking text that follows those mathematical patterns.
The paper also specifies some possible implementations of this attack, which sound like plot points from upcoming James Bond movies. For example, the GnuPG program is often set to automatically decrypt incoming email addresses.
An attacker could send the target an email with a few specially crafted lines of text, which would make the program emit the necessary sound. So long as a mobile phone placed next to the computer, or a more sensitive microphone up to 4 meters away, was recording the sound, the attacker would be able to secure the encryption key.
The research is not directly related to a possible newly discovered piece of malware that may send messages among infected machines using high-pitched sound.