When Your Cell Phone Can Break Your GPG Key (and Snowden stuff)

QOTD: “These programs were never about terrorism: they’re about economic spying, social control, and diplomatic manipulation. They’re about power.” — Edward Snowden in his statement to Brazil (which, now that I think of it, was probably his way of rejecting US “asylum for silence+re-education”)

An ordinary cell phone, placed next to your computer, can capture the acousitc emissions from capacitors and inductors on your motherboard… and thereby extract full 4096-bit RSA decryption keys whenever you fire up GPG. This is not a theoretical attack, they’ve actually done this.

Even worse — much worse, in my opinion — is that measuring the electrical potential of the computer chassis allows you to perform the same result. You can get the necessary information by measuring the voltage potentials at the end of ground wires, as found in USB or Ethernet cables. (Almost certainly also from the power ground, but that’s a bit touchier to tap.)

You know it’s bad when: the White House says “Americans must never make the mistake of wholly “trusting” our public officials.” For once, I agree with the US government! pic.twitter.com/WTPwnhDk6G

His NSA coworkers regarded Snowden as “a genius among geniuses,” with a penchant for wearing EFF hoodies. Almost missed this one.

Notably, Snowden had developed a backup system that the NSA put into operation for cryptanalysis work.

Hmm.

It’s not clear he had access to the backup system after it had been implemented… but… just perhaps… there may yet be some interesting thigns to come. http://www.forbes.com/sites/andygreenberg/2013/12/16/an-nsa-coworker-remembers-the-real-edward-snowden-a-genius-among-geniuses/

http://www.cs.tau.ac.il/~tromer/acoustic/

“Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer, and in particular leak sensitive information about security-related computations. In a preliminary presentation, we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was that the acoustic side channel has a very low bandwidth (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.

Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG’s current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.

Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables.”

Advertisements
%d bloggers like this: