Filed under: News


Researchers Break RSA 4096 Encryption With Just A Microphone And A Couple Of Emails

Dec 21 2013, 8:36am CST | by


As if it wasn’t enough that the NSA paid RSA $10 million to adopt an algorithm that wasn’t entirely secure, researchers have now demonstrated that they can break even RSA 4096 bit encryption with little more than a few emails and a microphone. And that microphone can indeed just be one in a smartphone sitting on the desk.

Researchers from Tel Aviv University and the Weizmann Institute of Science discovered that they could steal even the largest, most secure RSA 4,096-bit encryption keys simply by listening to a laptop as it decrypts data.

To accomplish the trick, the researchers used a microphone to record the noises made by the computer, then ran that audio through filters to isolate the vibrations made by the electronic internals during the decryption process. With that accomplished, some cryptanalysis revealed the encryption key in around an hour.

Well, no, pace Engadget it is a little more complex than that. You can’t just listen to a computer and break the algos just like that.

Here’s what the researchers did do though. Send several emails to the system itself: this way they knew what the content of the emails was. They also recorded the sounds of the computer decoding those known emails. For all computers do indeed make noises as they work: not just the disk, other components make small sounds as they heat up, cool and so on.

Now the researchers have two sets of information and they know that actually, these two are connected. They’ve the noises made from decoding known emails. With that there is the possibility of pattern matching and that’s what they’re doing next. From that, as they say, they can extract the encryption key in around an hour.

This isn’t, of course, something that is ever going to be done on any large scale: it’s solely a one target sorta technique. You’ve got to be sending your test emails to a specific machine that you are then recording the sounds from. So it’s not going to be something that the NSA tries to randomly use on 300 million of us. But it would very much be a useful technique when a computer has been seized and no one knows what the encryption key to the data upon it is. Even there it won’t be used all the time: in my native UK it is actually illegal to have encrypted material that you refuse to hand over the key to if law enforcement asks you to. So the majority of material will be unlocked by the accused, but this would still help when said accused isn’t actually in custody.

Source: Forbes

You Might Also Like


Shopping Deals


<a href="/latest_stories/all/all/31" rel="author">Forbes</a>
Forbes is among the most trusted resources for the world's business and investment leaders, providing them the uncompromising commentary, concise analysis, relevant tools and real-time reporting they need to succeed at work, profit from investing and have fun with the rewards of winning.




blog comments powered by Disqus

Latest stories

Hagen Hopkins/Getty Images
Final Hobbit Movie Gets Official Title
The Movie Will No Longer be Known as "There and Back Again"
Netflix Launching Services through Cable Companies
Netflix Launching Services through Cable Companies
The Online Streaming Company Lands a Deal with 3 Cable Providers
Justin Sullivan/Getty Images
Microsoft Beats Analysts Predictions With 20.40B in 3rd Quarter Revenue
The Software Giant has Strong Sales in the Commercial Market
Dark Souls II for PC Launches Early but Pre-order Bonus Still Live + 25% Discount
Dark Souls II for PC Launches Early but Pre-order Bonus Still Live + 25% Discount
At 6PM Eastern Dark Souls 2 on PC will make its PC gaming debut. However, pre-order bonuses still live and a 25% discount at one retailer.

The Hottest Photos of Victoria's Secret Fashion Show 2013


Viral Stories the Web