We’ve all heard the humming and vibration a computer’s coils and capacitators make. You may even know that these noises fluctuate based on the amount of power the processor is drawing. This concept is known as the machine’s “sonic signature,” and it can now be used to launch cyber strikes, specifically by decrypting messages being sent to the computer, The Economist reports.
As the article explains, “processing different RSA keys . . . produces different sonic signatures.” “Acoustic cryptoanalysts” collect individual binary digits, or “bits,” of a key and use that information to trick the computer into decrypting messages.
Tricking the machines proved surprisingly easy. Encrypted incoming e-mails are often decrypted as they arrive, so all [you have] to do [is] send the laptops encrypted emails carefully crafted so the acoustic leakage produced by decrypting them [is] specifically related to the value of particular bits in the key. A series of such texts, each building on knowledge gleaned from the previous attack, gradually builds up the whole number.
Perhaps of more importance than the fact that this can be done, is the fact that it can be done pretty easily without detection since the emails are likely to get tucked away in a spam folder somewhere without ever being noticed.
The Economist’s piece goes into more detail about how this can be done, and how sophisticated the technology would have to be to pull it off. I recommend taking a look at the full report.
2 Pingbacks