Trending

Filed under: News

 

Researchers Break RSA 4096 Encryption With Just A Microphone And A Couple Of Emails

Dec 21 2013, 8:36am CST | by

 
 
 

As if it wasn’t enough that the NSA paid RSA $10 million to adopt an algorithm that wasn’t entirely secure, researchers have now demonstrated that they can break even RSA 4096 bit encryption with little more than a few emails and a microphone. And that microphone can indeed just be one in a smartphone sitting on the desk.

Researchers from Tel Aviv University and the Weizmann Institute of Science discovered that they could steal even the largest, most secure RSA 4,096-bit encryption keys simply by listening to a laptop as it decrypts data.

To accomplish the trick, the researchers used a microphone to record the noises made by the computer, then ran that audio through filters to isolate the vibrations made by the electronic internals during the decryption process. With that accomplished, some cryptanalysis revealed the encryption key in around an hour.

Well, no, pace Engadget it is a little more complex than that. You can’t just listen to a computer and break the algos just like that.

Here’s what the researchers did do though. Send several emails to the system itself: this way they knew what the content of the emails was. They also recorded the sounds of the computer decoding those known emails. For all computers do indeed make noises as they work: not just the disk, other components make small sounds as they heat up, cool and so on.

Now the researchers have two sets of information and they know that actually, these two are connected. They’ve the noises made from decoding known emails. With that there is the possibility of pattern matching and that’s what they’re doing next. From that, as they say, they can extract the encryption key in around an hour.

This isn’t, of course, something that is ever going to be done on any large scale: it’s solely a one target sorta technique. You’ve got to be sending your test emails to a specific machine that you are then recording the sounds from. So it’s not going to be something that the NSA tries to randomly use on 300 million of us. But it would very much be a useful technique when a computer has been seized and no one knows what the encryption key to the data upon it is. Even there it won’t be used all the time: in my native UK it is actually illegal to have encrypted material that you refuse to hand over the key to if law enforcement asks you to. So the majority of material will be unlocked by the accused, but this would still help when said accused isn’t actually in custody.

Source: Forbes

You Might Also Like

Updates

Shopping Deals

 
 
 

<a href="/latest_stories/all/all/31" rel="author">Forbes</a>
Forbes is among the most trusted resources for the world's business and investment leaders, providing them the uncompromising commentary, concise analysis, relevant tools and real-time reporting they need to succeed at work, profit from investing and have fun with the rewards of winning.

 

 

Comments

blog comments powered by Disqus

Latest stories

Apple Avoids Heartbleed: Here’s Why
Apple Avoids Heartbleed: Here’s Why
Apple didn't fall victim to the Heartbleed vulnerability due to Apple’s notorious control
 
 
Leaked specs of the yet to be announced Moto E
Leaked specs of the yet to be announced Moto E
With better measurements, the phone will be more elegant looking than the Moto G and Moto X
 
 
Toshiba&#039;s powerful display offering on its new Satellite P55t
Toshiba's powerful display offering on its new Satellite P55t
With a 4K resolution of 3840 by 2160 pixels, this seems quite a compelling deal
 
 
Anna Kournikova has never met boyfriend Enrique Iglesias' dad Julio Iglesias
The two never enjoyed an open father and son relationship
 
 
 

The Hottest Photos of Victoria's Secret Fashion Show 2013

 

Viral Stories the Web