Week 7 – Encryption cracked by simply listening to sounds from CPU

            With all of the attempt at hacking into systems and addressing vulnerabilities, it’s sort of ironic to discover that some security researchers were actually able to break the RSA 4096 encryption algorithm by simply listening to the computer’s CPU. (Anthony, 2013) More specifically, “the security researchers listen to the high-pitched (10 to 150 KHz) sounds produced by your computer as it decrypts data” (Anthony, 2013). Interesting enough this process has been dubbed as a side channel attack. (Anthony, 2013) This is a rather interest type of attack that I’m sure most people would easily miss. I found this very interesting and intriguing.

           

            Interesting enough, “In terms of real-world repercussions, acoustic cryptanalysis is actually surprisingly dangerous. Imagine if you were decrypting some files in a library, coffee shop, or other public space — someone could obtain your decryption key just by placing their phone near your computer. Alternatively, an attacker could use spear phishing to put malware on your phone that listens for the decryption key. With HTML5 and Flash able to access the microphone, it would be possible to build a website that listens for encryption keys too. The researchers propose one particularly nefarious scenario: Put a microphone into a co-located server, slot it into a rack in a data center, and then scoop up the encryption keys from hundreds of nearby servers” (Anthony, 2013). This is actually very cool if you think about the possibilities. However, I’m not sure the risk is a typically high as other risks out there which is probably a really good thing.

            How do you protect yourself from this type of attack? Well, a co-worker of mind said you could play music really loud and rationalize doing this at work by claiming that you need to protect the sounds coming from your keyboard.  This made me laugh but I’m not sure too many mangers would be happy with this approach. Therefore, “If you want to keep your data secure, you only really have two viable options: Heavy-duty encryption, physical security, and ideally both at the same time. If an attacker can’t get physically close to your data, it instantly becomes much harder to steal it. As far as mitigating acoustic cryptanalysis attacks, you either implement physical security — keep your laptop in a sound-tight box, or never let anyone near your computer when you’re decrypting data — or you need to use a ‘sufficiently strong wide-band noise source.’ Something like a swooping, large-orchestra classical concerto would probably do it” (Anthony, 2013). I’m not sure I’d be too highly concerned at the moment with this vulnerability but I’d probably be cautious if a person strangely tries anything like the ideas mentioned.

References

Anthony, S. (2013, December 18). Researchers crack the world’s toughest encryption by listening to the tiny sounds made by your computer’s CPU. Retrieved from Extreme Tech: http://www.extremetech.com/extreme/173108-researchers-crack-the-worlds-toughest-encryption-by-listening-to-the-tiny-sounds-made-by-your-computers-cpu