Sign in with
Sign up | Sign in

Computer Sounds Give Up Secret Information

By - Source: Tom's Guide US | B 22 comments
Tags :

Once again proving that real life is stranger than fiction, a group of Israeli security researchers have figured out how to pull off possibly the coolest hack in the past several years: extracting complex encryption keys via sound waves.

When computers are at work, the vibrations in their various components create noise, though usually that noise is too quiet or too high-pitched for the human ear to distinguish.

These sounds can be recorded with the microphone of an average cellphone placed near a computer, and they can reveal extraordinary amounts of information about what the computer is doing when it makes them.

MORE: 13 Security and Privacy Tips for the Truly Paranoid

For example, the sounds made when a common security program called GnuPG decrypts messages encoded with a 4096-bit RSA key could be used to determine that encryption key within an hour.

The attack is called "acoustic cryptanalysis," and it opens the door for some serious spy-thriller-level hacking.

Encryption keys work similarly to passwords in that they "unlock" messages that have been mathematically scrambled using an encryption algorithm.

A 4096-bit RSA key is a string of 4,096 ones and zeroes that unlocks a message encrypted with the Rivest-Shamir-Adleman (RSA) algorithm. Anyone who possesses an encryption key can read all messages secured with that key.

There is one catch, however — the text being decrypted during the recording process has to follow a certain mathematical pattern in order to create all the necessary patterns for determining the encryption key.

However, the researchers — who include Adi Shamir, the "S" in RSA — say in their paper that an attacker could easily craft unsuspicious-looking text that follows those mathematical patterns.

The paper also specifies some possible implementations of this attack, which sound like plot points from upcoming James Bond movies. For example, the GnuPG program is often set to automatically decrypt incoming email addresses.

An attacker could send the target an email with a few specially crafted lines of text, which would make the program emit the necessary sound. So long as a mobile phone placed next to the computer, or a more sensitive microphone up to 4 meters away, was recording the sound, the attacker would be able to secure the encryption key.

The research is not directly related to a possible newly discovered piece of malware that may send messages among infected machines using high-pitched sound.

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.

Add your comment Display 22 Comments.
Top Comments
  • 16 Hide
    Trialsking , December 19, 2013 11:55 AM
    My refernce design 290x while gaming will proudce enough noise to keep my protected!!!!!
Other Comments
  • 16 Hide
    Trialsking , December 19, 2013 11:55 AM
    My refernce design 290x while gaming will proudce enough noise to keep my protected!!!!!
  • -8 Hide
    ddpruitt , December 19, 2013 12:02 PM
    Quote:
    When computers are at work, the vibrations in their various components create noise, though usually that noise is too quiet or too high-pitched for the human ear to distinguish.


    Quote:
    An attacker could send the target an email with a few specially crafted lines of text, which would make the program emit the necessary sound.


    These are two different things, I suggest you do a little more research and a little less sensationalism. This also falls along the lines of "No Shit", If you decrypt something and encode the data as sound you can get the key via normal cryptanalysis.
  • -2 Hide
    sudz , December 19, 2013 12:03 PM
    also, they proved you CAN in fact unlock your car by holding your cell phone up to a key fob...
  • -1 Hide
    coolitic , December 19, 2013 12:40 PM
    This shouldnt be too much of a problem. Maybe would affect workplaces with numerous people but that's pretty much it.
  • -6 Hide
    ldubrov , December 19, 2013 1:42 PM
    This type of attack would not work in a real world setting. It requires a computer to be in a quite environment without interference from external audio (i.e. user typing on keyboard) or internal interference (a secondary program using the CPU) for about an hour. It would be far more realistic to have the computer stolen. Still, its fairly clever to use the macro components of a machine (capacitors, inductors) to ascertain what the CPU is approximately doing.
  • -2 Hide
    yvyv , December 19, 2013 4:14 PM
    TriedandTrue: you should focus on getting your facts and info straight, and stop writing stupid comments which are crimes against intelligence.
  • -4 Hide
    derekullo , December 19, 2013 5:49 PM
    My god is bigger than your god.
  • -2 Hide
    jimmysmitty , December 19, 2013 11:20 PM
    Quote:
    My refernce design 290x while gaming will proudce enough noise to keep my protected!!!!!


    WRONG!!! The NSA implanted a device that makes the 290X record all of your data, turn it into sound va the fan then submit it to them via your interwebs.

    Spies.....
  • -6 Hide
    megiv , December 19, 2013 11:59 PM
    Stolen land? Good joke, the bible goes back 5000 years back and it says that the land of Israel belongs to the Jews, but hey..we stole it. Maybe from the Dinosaurs.

    and FYI -
    Palestine is a relatively new term compared to the biblical name Israel. It's an attempt to erase the Jewish history from Israel.
  • 0 Hide
    lerar , December 20, 2013 2:00 AM
    "the bible goes back 5000 years back and it says ... "
    oh yeah, let's all masturbate to that
  • 2 Hide
    zyst88 , December 20, 2013 5:06 AM
    Exodus story as depicted in the bible has been conclusively proven by Israeli archaeologists themselves to be an utter BS, which is to prove how unreliable of an information source the bible is so don’t use it as a warrant from your god to steal other peoples land because it makes you look like a total ignorant retard.
  • -2 Hide
    jmonaco5 , December 20, 2013 5:23 AM
    Stop it guys, the NSA is watching.....I love physics, lol
  • 0 Hide
    zyst88 , December 20, 2013 5:25 AM
    Exodus story as depicted in the bible has been conclusively proven by Israeli archaeologists themselves to be an utter BS, which is to prove how unreliable of an information source the bible is so don’t use it as a warrant from your god to steal other peoples land because it makes you look like a total ignorant retard.
  • 0 Hide
    jmonaco5 , December 20, 2013 5:27 AM
    Actually, the Exodus story and the great flood came from the Sumarians in the epic of Gilgamesh.........But they had many gods..
  • -1 Hide
    zyst88 , December 20, 2013 6:47 AM
    So what? How does that change anything I've said in my previous post - all youre saying is that the exodus story is someone else's BS - so it's still BS and shouldnt be used as a warrant for anything....
  • 0 Hide
    pepe2907 , December 20, 2013 10:40 PM
    Interesting, how much data will be misinterpreted by the Israely secret ops if somebody farts in the room /quietly/?
  • -1 Hide
    alyoshka , December 21, 2013 4:18 AM
    Now that is cool.......but did it have to be the Israeli's??
  • -1 Hide
    tsnor , December 21, 2013 7:04 AM
    1. Neat article. If nothing else it'll be fun to ask the FIPS 140-4 guys at your favorite crypto board provider if they are singing out the keys. Should drive them nuts proving they are not.

    2. PLEASE DONT FEED THE TROLLS. just downrate them.
  • -2 Hide
    megiv , December 22, 2013 2:36 AM
    So the bible is BS...OK, now please enlighten me with the long history of the "Palestinian nation"...
    Until the British empire there was no such thing as Palestinians nation. There was only a geographical area referred to as Palestine, which included Jews and Arabs (Which were a mixture of Jordanians, Egyptians and some tribes from the Arabian desert).
    Many of the Arabs fled from "Palestine" in the war of 47 , because they were sure that the Arab armies will erase the Jews (finish Hitler's heritage, I guess.).
    The ones who stayed are living a good life under Israeli regime.
    The proof? Ask yourself why the Arabs in Israel never did an Arab spring...They live a good life here and they enjoy the wealthy and prosperity of living alongside Jews. They don't want Israel to become like it's neighbor Arab countries, or like Gaza, which is a direct result of Palestinian regime (Gaza gets millions but it all disappears under the hand of the Palestinian corruption and terror).
  • -1 Hide
    emad_ramlawi , December 23, 2013 2:33 AM
    Every Once while Israelis, comes up with those fab technological advances to "prove the world there superiority", they usually contain no evidence to back them up (much like there right to the "promised land"), and they come up at good time, just consider this report :

    Mandela received weapons training from Mossad agents in Ethiopia

    http://www.haaretz.com/news/features/.premium-1.564412

    They issues that report 2 days after Mandela passed away ...
Display more comments
React To This Article

Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter