Bitcoin Forum

http://freedomwat.ch/wp-content/uploads/2013/12/acoustic-cryptanalysis-cpu-instructions-640x4891.png

“Security researchers have successfully broken one of the most secure encryption algorithms, 4096-bit RSA, by listening – yes, with a microphone — to a computer as it decrypts some encrypted data. The attack is fairly simple and can be carried out with rudimentary hardware. In this case, the security researchers listen to the high-pitched (10 to 150 KHz) sounds produced by your computer as it decrypts data.  The researchers successfully extracted decryption keys over a distance of four meters (13 feet) with a high-quality parabolic microphone. They also managed to pull of this attack with a smartphone placed 30 centimeters (12 inches) away from the target laptop.”

http://www.extremetech.com/extreme/173108-researchers-crack-the-worlds-toughest-encryption-by-listening-to-the-tiny-sounds-made-by-your-computers-cpu (http://www.extremetech.com/extreme/173108-researchers-crack-the-worlds-toughest-encryption-by-listening-to-the-tiny-sounds-made-by-your-computers-cpu)

(we're going to need safe rooms in deep underground bunkers to access our wallets)

http://images4.wikia.nocookie.net/glee/images/3/36/Mind_Blown.jpg

Agreed with the playing music option, have a bunch of random static noise to cancel out any frequencies made by the CPU so any attackers will have a hard time decoding the noise

Or make invisible noise that only those kinds of microphones can hear

Then there will be anti-invisible noise microphones

Anyway there will be a long lasting war vs these microphones as they become more powerful, the cpus become more silent and more distractions are made for them as well.

You could easily render those listening devices useless by continuously playing a loop of the song She Blinded Me With Science by Thomas Dolby.

http://images1.wikia.nocookie.net/__cb20121008172911/bigbangtheory/images/5/5c/BWS.jpg

No, like I said, the same people who cracked the code can filter out any excess noise, that includes that song

Lol that's crazy :o

Music or recordings aren't going to help you.  Your speakers aren't capable of producing frequencies that high.  This sound is at about 290KHz.  Your speakers peter out at about 20KHz.

So they'll invent new speakers that produce higher frequencies just for this issue.

 :o MIND BLOWING ...

Dang , nothing is safe nowadays .

Hmmmm... with CPUs pushing data through at gbps, I'm not so sure that the sound sampling is going to be quick enough.

Calling BS.

Fascinating. I wonder how long until we see a phone app for this.

That's absolutely insane... Yet cool at the same time!

Like others, I guess I'll be listening to some loud music from now on.

I need to cut my micro chip from my motherboard with the sound card !!! Yes this is insane !

You can easily get rid of the problem with multi core CPUs or some background CPU-intensive process.
I see it as an exploit that works only in laboratories.

The PC bios has "spread spectrum" options to mitigate this kind of attacks

I'm not a hardware expert but haven't we known for years about this kind of thing? Not surprised somebody has found out how to work stuff out through the computer noises because you even can diagnose technical problems from the beeps that come from your motherboard when you turn on the computer. To get past this it should be just a matter of designing components so that they don't transmit noises like this anymore if you want to be really paranoid about hackers.

While it's certainly pretty cool I don't know if it's cause for panic :P

Keep in mind that you need:

• to send several mails (amount depends on the length of the key) to the victim which you know the content off, mainly because of the bandwith of the used frequency.
• a victim using an old GPG version (2.x is not affected)
• to be able to get that close to your victim at the moment the prepared mails are encrypted
• a victim using specific hardware (as far as I understood the paper not every cpu, board etc. is affected)

so keep your panties on and update GPG, which you should have done allready anyway.

Easy to stop, just do this in the background:
(basically spams "y" to /dev/null)

woah.. that is bananas

Another encryption system cracked open, well, at least a bit. :-\

they can listen in on your computer using the power supply, no internet connection needed, the power grid is the internet  ;)

And which is also quite rare (clarifying number one on your list), the recipient has to have configured her system so that it automatically decrypts any received messages. But anyway, that was just a demonstration of the possibility of such things and a very neat one. Who knows what might be possible if government agencies point sufficient resources, probably a lot more. Remember how many cryptographers NSA has employed, many of them on par with Shamir et al.

That's one crazy attack! These hardware-based attacks are interesting to me.

I hope you are joking lol. The "beeps" come from the motherboard speaker, it is there exactly to make these beeps, it is not they appear randomly lol. The speaker is there exactly to make beeps to tell you what's wrong.

There is a lot more out there.

http://es.slideshare.net/endrazine/defcon-hardware-backdooring-is-practical

http://www.youtube.com/watch?v=8Mb4AiZ51Yk

Great talk on hardward backdoors.


http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

The allready famous "badBIOS" virus.

I thought spread spectrum was to tweak the radio emissions (spread it out over a wider band, rather than having big spikes at specificly frequencies), not acoustic emissions.

AFAICT, what they're picking up is high-frequency coil whine off the VRM.

Please read this article, the information quote from the OP is incomplete
http://www.forbes.com/sites/timworstall/2013/12/21/researchers-break-rsa-4096-encryption-with-just-a-microphone-and-a-couple-of-emails/

I like how noone in this forum reads the comments others allready made.

Well to make this a little more than just a bitchy comment (sorry for that)

Dont read that forbes article its just as bad as any other, read the original paper, here: http://cs.tau.ac.il/~tromer/acoustic/

As allways, read the source.

Yeah, it's a known-plaintext attack.  Still potentially effective.  I send you a GPG-encrypted email (which I obviously know the content of) and listen in to it being decrypted and run off with your private key.

How the hell did you come to the conclusion that I was saying they appeared randomly?