Team Captures RSA Keys With AM Radio and Cell Phone
Coil whine: it’s not just a problem for PC gaming enthusiasts anymore. A recent paper outlines an attack vector for capturing RSA keys by analyzing the noises, RF variations, or electromagnetic changes produced from computers as they do intense computational tasks. Of particular note is their work capturing RSA keys with sound. This so-called ‘coil whine’ is loud and regular enough to be picked up by a cell phone mic attached to an AM radio from as much as a foot away, or over thirty feet using more sophisticated equipment. The process takes time, isn’t stealthy, and isn’t exactly practical for the average hacker to execute, but the vulnerability is there nonetheless. The primary concern here is that those under long-term surveillance may have their keys compromised if using outdated RSA encryption.
Coil Whine Gives Away Your RSA Keys
Any PGP attack vector should be of particular concern to those who own and trade in cryptocurrency, as wallets are secured with this technology. While physical measures can be taken to protect against this type of attack, the recommendation from the white hat team that discovered the vulnerability is to make revisions to cryptography software to hide the activity from acoustic analysis, to prevent general end users from being vulnerable. Luckily, GPG is in the process of implementing this, and other encryption tools are following suit.
There are a variety of other attacks, with varying degrees of effectiveness, outlined in the original document. Some use RF fluctuations; others exploit changes in electrical potential on cables attached to the machine being attacked (ethernet cables, power cords, display adapters, etc.) While the more privacy conscious of us won’t like the idea that any old hidden microphone, electrical probe, or RF sensitive wire loop could be recording our computer as it chugs through its decryption routines, It’s good to know that the vulnerability is there, and open source projects like Gnu Privacy Guard (GPG) are taking steps to render the exploit ineffective.
Thoughs on this new set of physical attack vectors? Let us know in the comments!