Israeli Scientists Prove it’s Not Safe to Click on Your Keyboard

This post is also available in: עברית (Hebrew)

A trio of scientists have proved that they can extract a 4096-bit RSA key from a laptop using an acoustic side-channel attack that enables them to record the noise coming from the laptop during decryption, using a smartphone placed nearby. This verifies their results that they first presented nearly 10 years ago. The attack, laid out in a new paper, can be used to reveal a large RSA key in less than an hour.

According to Threat Post three scientists from Israel improved on some preliminary results they presented in 2004 that revealed the different sound patterns that different RSA keys generate. Back then, they couldn’t work out a method for extracting the keys from a machine, but that has now changed. The research, which involves Adi Shamir, one of the inventors of the RSA algorithm and a professor at Weizmann Institute of Science, and two other academic researchers from Tel Aviv University, lays out a method through which an attacker can use a smartphone placed near a laptop to record the sounds generated by the machine during a decryption operation.

iHLS – Israel Homeland Security

To test their attack, the researchers performed it against GnuPG using OpenPGP messages containing their chosen chiphertext. OpenPGP will, in some cases, automatically decrypt incoming email messages.

Their attack works against a number of laptop models and they said that there are a number of ways that they could implement it, including through a malicious smartphone app running on a device near a target machine. They could also implement it through software on a compromised mobile device or through the kind of eavesdropping bugs used by intelligence agencies and private investigators.