Experts have tested their attack against GNU Privacy Guard
Researchers from the Tel Aviv University and the Weizmann Institute of Science have come up with an attack method that can be used to extract full 4096-bit RSA keys simply by listening to the sound generated by computers.The method has been tested on GNU Privacy Guard (GnuPG), an open source variant of the OpenPGP standard. The experts have determined that, on almost all computers, it’s possible to distinguish different patterns of CPU operations.
In the case of GnuPG, the researchers have been able to differentiate the acoustic signatures of different RSA secret keys by measuring the sound generated by the device during the decryption process.
While expensive hardware has been used for the attack, in some cases, a regular mobile phone might be enough to intercept the valuable information. With the aid of specialized hardware, the experts have managed to acoustically extract the keys from a 4-meter distance.
However, the method also worked with a mobile phone placed 30 cm away from the targeted computer.
What’s interesting is that the attack works even if there are loud fan noises, several computers in one room, or if the targeted user is multitasking.
“The interesting acoustic signals are mostly above 10KHz, whereas typical computer fan noise and normal room noise are concentrated at lower frequencies and can thus be filtered out. In task-switching systems, different tasks can be distinguished by their different acoustic spectral signatures,” the researchers noted.
“Using multiple cores turns out to help the attack (by shifting down the signal frequencies). When several computers are present, they can be told apart by spatial localization, or by their different acoustic signatures (which vary with the hardware, the component temperatures, and other environmental conditions).”
There are several plausible attack scenarios. The keys can be obtained with the aid of a phone placed near the victim’s computer, with a piece of malware installed on the victim’s own phone, and a malicious website that uses the device’s microphone to capture sound.
The scientists have notified GnuPG of the issues and some countermeasures have been implemented in GnuPG 1.x and libgcrypt to mitigate the attack. On the other hand, it’s uncertain if other algorithms of cryptographic implementations are vulnerable.
The complete paper, “RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis,” is available on the Tel Aviv University’s website.