Hackers can gain access to secret encrypted messages using a standard mobile phone to listen to the noise made by a victim’s computer as it unlocks them, researchers warn.
Security conscious email users can use encryption software to lock and unlock messages and prevent third parties from reading them as they are routed to their destination. One such package is GnuPG, which experts have now shown is vulnerable to the low-tech attack.
By listening to the noise made as the computer unlocks the message, researchers were able to extract the decryption key, or password, needed to gain access to the encrypted information.
The noise which the researchers focused on was not the mechanical sound generated by fans or hard disks, but the vibration of tiny components in the voltage regulator as it tries to provide a constant voltage to the processor.
Some tests were carried out with expensive and extremely sensitive microphones, but in many cases it was enough simply to place a mobile phone near the laptop and listen via the built-in microphone. This means that an attack could potentially be carried out with nothing more than a smartphone, if the attack software could be written into an app. Currently the attack requires a laptop computer to analyse the audio and extract the decryption key.
Even though a CPU finishes individual operations so quickly that they cannot be individually distinguished in an audio signal, long series of operations such as those used in cryptography can produce a “spectral signature” which lasts several milliseconds.
These sounds are mostly above 10KHz, while typical computer fan noise are concentrated at lower frequencies and can be easily filtered out. Scientists from Tel Aviv University and the Weizmann Institute of Science demonstrated the attack in a paper released this week.
The researchers overcame one problem with the theorised attack – that they would have to know exactly when a victim was decrypting a message to be able to listen in and grab the key – by running an email package which automatically decrypted messages on receipt. The fake attackers then simply sent an email to the victim and listened to the resulting CPU activity.
Details of the vulnerability were passed to developers of the GnuPG software and a fix was released at the same time as the research was publicly unveiled. However, it is possible that other software packages are vulnerable to similar attacks.
The researchers suggest two simple steps that can be taken to avoid the vulnerability: put computers in sound-proof boxes, or blast the room with wide-band noise.
Earlier this month researchers from Germany's Fraunhofer Institute for Communication, Information Processing and Ergonomics developed malware that could capture keystrokes from a computer and hijack the soundcard to broadcast the data to a nearby machine as a high-frequency sound which cannot be heard by humans.
The experts were able to use the built-in speakers and microphones of computers to transmit passwords and other data at a rate of 20 bits per second over a distance of almost 20 metres, allowing the malware to “secretly leak critical data to the outside world”.