Coil whine: it’s not just a problem for PC gaming enthusiasts anymore. A recent paper outlines an attack vector for capturing RSA keys by analyzing the noises, RF variations, or electromagnetic changes produced from computers as they do intense computational tasks. Of particular note is their work capturing RSA keys with sound. This so-called ‘coil whine’ is loud and regular enough to be picked up by a cell phone mic attached to an AM radio from as much as a foot away, or over thirty feet using more sophisticated equipment. The process takes time, isn’t stealthy, and isn’t exactly practical for the average hacker to execute, but the vulnerability is there nonetheless. The primary concern here is that those under long-term surveillance may have their keys compromised if using outdated RSA encryption.
Read also: ownCloud Closes Following Launch Of Competing NextCloud
Coil Whine Gives Away Your RSA Keys
Any PGP attack vector should be of particular concern to those who own and trade in cryptocurrency, as wallets are secured with this technology. While physical measures can be taken to protect against this type of attack, the recommendation from the white hat team that discovered the vulnerability is to make revisions to cryptography software to hide the activity from acoustic analysis, to prevent general end users from being vulnerable. Luckily, GPG is in the process of implementing this, and other encryption tools are following suit.
Thoughs on this new set of physical attack vectors? Let us know in the comments!
Images (credit)