With all of the attempts at hacking into systems and addressing vulnerabilities, it’s sort of ironic to discover that some security researchers were actually able to break the RSA 4096 encryption algorithm by simply listening to the computer’s CPU (Anthony, 2013). More specifically, “the security researchers listen to the high-pitched (10 to 150 KHz) sounds produced by your computer as it decrypts data” (Anthony, 2013). Interestingly enough, this process has been dubbed a side channel attack (Anthony, 2013). This is a rather interesting type of attack that I’m sure most people would easily miss. I found this very interesting and intriguing.
Interestingly enough, “In terms of
real-world repercussions, acoustic cryptanalysis is actually surprisingly
dangerous. Imagine if you were decrypting some files in a library, coffee shop,
or other public space — someone could obtain your decryption key just by
placing their phone near your computer. Alternatively, an attacker could use
spear phishing to put malware on your phone that listens for the decryption
key. With HTML5 and Flash able to access the microphone, it would be possible
to build a website that listens for encryption keys too. The researchers
propose one particularly nefarious scenario: Put a microphone into a co-located
server, slot it into a rack in a data center, and then scoop up the encryption
keys from hundreds of nearby servers” (Anthony, 2013). This is actually very cool if you
think about the possibilities. However, I’m not sure the risk is as typically
high as other risks out there, which is probably a really good thing.
How do you protect yourself from
this type of attack? Well, a co-worker of mine said you could play music really
loud and rationalize doing this at work by claiming that you need to protect
the sounds coming from your keyboard.
This made me laugh, but I’m not sure too many managers would be happy with
this approach. Therefore, “If you want to keep your data secure, you only
really have two viable options: Heavy-duty encryption, physical security, and
ideally both at the same time. If an attacker can’t get physically close to
your data, it instantly becomes much harder to steal it. As far as mitigating
acoustic cryptanalysis attacks, you either implement physical security — keep
your laptop in a sound-tight box, or never let anyone near your computer when
you’re decrypting data — or you need to use a ‘sufficiently strong wide-band
noise source.’ Something like a swooping, large-orchestra classical concerto
would probably do it” (Anthony, 2013). I’m not sure I’d be too highly
concerned at the moment with this vulnerability but I’d probably be cautious if
a person strangely tries anything like the ideas mentioned.
References
Anthony, S. (2013, December 18). Researchers crack the world’s toughest encryption by listening to the tiny sounds made by your computer’s CPU. Retrieved from Extreme Tech: http://www.extremetech.com/extreme/173108-researchers-crack-the-worlds-toughest-encryption-by-listening-to-the-tiny-sounds-made-by-your-computers-cpu