Friday 20 December 2013

When the acoustics of your computer's components provide an entry point for hackers

Many of us (quite rightly) use software to enhance security on our computers. This software ranges from the very simple - such as port blocking - to the more complex such as TCP encryption. There's now a new way to get hold of the 4096-bit RSA decryption keys on your computer by listening to the vibrations that your computer's CPU makes. Yes, really.

The reaction of many on Twitter has been shock to the point of near-defecation, and on prima facie evidence it looks to be legitimate. 

Here's how it works.

You have probably heard a computer, at some point, emit a high-pitched noise. This noise is the sum total of its components working. Think of it as a choir. Now, when one of those choristers doesn't sing, or sings baritone rather than falsetto, then the entire sound changes. So, it becomes easy to find out exactly who's doing what in the choir by listening to its overall performance.

The same is true of this research, from three Israeli academics. Their presentation observes that different components emit different audio patterns, and specifically, different RSA keys produce different acoustic emissions from the CPU. Although these differences are very, very slight, it's possible to "listen" to them using... well... here's what they say: "... in some cases, a regular mobile phone is good enough. We have used a mobile phone to acoustically extract keys from a laptop at a distance of 30cm". Using an appropriately-configured parabolic microphone (one with a concave dish), the researchers could extract the keys from a computer 4 metres away.

The summary is as follows:

In almost all machines, it is possible to distinguish an idle CPU (x86 "HLT") from a busy CPU. On many machines, it is moreover possible to distinguish different patterns of CPU operations and different programs.
Using GnuPG as our study case, we can, on some machines: distinguish between the acoustic signature of different RSA secret keys (signing or decryption), and fully extract decryption keys, by measuring the sound the machine makes during decryption of chosen ciphertexts.

The issue has been reported by the researchers to the Common Vulnerabilities and Exposures site here (currently it's a closed ticket). They admit that listening to components is not the only way in which data could be extracted; measuring the current drawn from the computer's power supply is another. But this particular attack has the potential to be much more covert, as it can be arranged with a decent mobile phone. The attack can't even be prevented through a computer fan being on, or other atmospheric noise, because of the specific low bandwidths used by the CPU's noise emissions.

There are some simple ways to prevent this from happening; decent sound insulation of computers is one, as is - at a more industrial level - better circuit design and fabrication.
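The idle-versus-busy distinction from the summary, and the points above about fan noise and sound insulation, can be illustrated on a synthetic signal. This is an added example, not the researchers' code: the sample rate, tone frequencies, amplitudes and the `atten_db` insulation parameter are all constructed assumptions, and no real recording is involved.

```python
import math
import random

RATE = 96_000                        # samples/s (constructed capture rate)
WINDOW = 960                         # 10 ms analysis window -> 100 Hz bins
IDLE_HZ, BUSY_HZ = 35_000, 38_000    # assumed tone frequencies, not from the research

def synth(states, atten_db=0.0, seed=1):
    """Constructed recording: loud fan hum + noise + one faint tone that moves with CPU state."""
    rng = random.Random(seed)
    gain = 0.02 * 10 ** (-atten_db / 20)      # atten_db models added sound insulation
    samples = []
    for i, state in enumerate(states):
        freq = BUSY_HZ if state == "busy" else IDLE_HZ
        for n in range(WINDOW):
            t = (i * WINDOW + n) / RATE
            fan = math.sin(2 * math.pi * 120 * t)          # 50x louder than the CPU tone
            cpu = gain * math.sin(2 * math.pi * freq * t)
            samples.append(fan + cpu + rng.gauss(0, 0.01))
    return samples

def goertzel_power(block, freq):
    """Signal power at a single frequency (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def classify(samples):
    """Label each window by whichever of the two narrow bands carries more energy."""
    labels = []
    for start in range(0, len(samples) - WINDOW + 1, WINDOW):
        block = samples[start:start + WINDOW]
        busy = goertzel_power(block, BUSY_HZ) > goertzel_power(block, IDLE_HZ)
        labels.append("busy" if busy else "idle")
    return labels

def accuracy(atten_db, windows=40):
    """Fraction of windows labelled correctly at a given insulation level."""
    truth = ["busy" if (i // 4) % 2 else "idle" for i in range(windows)]
    guess = classify(synth(truth, atten_db))
    return sum(g == t for g, t in zip(guess, truth)) / windows

if __name__ == "__main__":
    for db in (0, 20, 40, 60):
        print(f"{db:2d} dB attenuation -> accuracy {accuracy(db):.2f}")
```

The fan hum is fifty times louder than the component tone yet sits in a different band, so it does not hide the state changes; only pushing the tone itself below the noise floor does.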

But still, as one Twitter user put it: holy shit snacks.


Main image: Circuit Board City Main image source/credits: Tim Fields, CC licence
