Shhh! The noise your computer makes could be used to decrypt your files

It's probably not something you need worry about in relation to your personal files just yet, but according to a newly published paper (the snappily titled "RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis") it appears that it is possible to extract 4096-bit RSA decryption keys by listening to the sounds made by a computer.

This might sound like the talk of someone paranoid, but it is actually more feasible than you might first think. And the paper has been penned by no less than Adi Shamir, the co-inventor of the RSA algorithm.

Shamir, working with Daniel Genkin and Eran Tromer from Tel Aviv University, proved that the sound generated by a laptop could be picked up with a mobile phone or a more distant microphone. Described as an acoustic cryptanalysis key extraction attack the technique exploits the fact that the vibration of hardware when used, and when dealing with different RSA keys different sound patterns are produced.

This is due to the fact that power usage alters dramatically when performing different tasks, and the resulting high-pitched tones can be detected with the right equipment. Tests showed that an RSA decryption key used by PNU Privacy Guard could be determined in an hour.

A mobile phone with a suitable app installed could be easily placed near a victim's computer, or there is even the possibility of remotely accessing a victim's own mobile to use it against them -- we're getting into the realms of Person of Interest now. So should you be concerned? Unless you're dealing with life-and-death data, probably not. Government bodies may want to take note, but for the average computer users there's probably not too much to lose sleep over.

Worryingly, decryption via sound is not the only means of extracting data. The trio of authors also found that it was possible to perform an attack by measuring the electric potential of the chassis of a computer. The paper suggests that this data could be gained by merely touching the case, or gathered from a USB, Ethernet or VGA cable.

All of this has an air of espionage about it -- making it simultaneously fascinating and disturbing!

Image Credit: Volodymyr Krasyuk/Shutterstock

© 1998-2017 BetaNews, Inc. All Rights Reserved. Privacy Policy.