Side-channel attack: PC Hardware is physically leaking encryption keys through the operating noise it makes
Five researchers from Tel Aviv University discovered a way to pick up cryptographic keys from the sound emanating from different components exchanging data inside a computer. For example, they can exploit what is called “coil whine”, the sound made by coils and other components as electrical current passes through them. They say they can do this by extracting the binary operations from the sound waves through reverse engineering.
When a PC is running, the power consumption of its CPU and related chips changes drastically depending on the computation being performed at each moment. If the computer is encrypting or decrypting data in various applications, the electronic components in the PC’s internal power supply struggle to provide a constant voltage to the chips, and this causes the fluctuations and the resulting vibrations.
The paper that appeared in the Communications of the ACM:
Physical Key Extraction Attacks on PCs
(Daniel Genkin, Lev Pachmanov, Itamar Pipman, Adi Shamir, Eran Tromer)
By recording such noise while a target is using the RSA algorithm to decrypt ciphertexts (sent to it by the attacker), the RSA secret key can be extracted within one hour for a high-grade 4,096-bit RSA key. We experimentally demonstrated this attack from as far as 10 meters away using a parabolic microphone or from 30cm away through a plain mobile phone placed next to the computer.
A surprising result of our research is how practical and easy are physical key-extraction side-channel attacks on PC-class devices, despite the devices’ apparent complexity and high speed. Moreover, unlike previous attacks, our attacks require very little analog bandwidth, as low as 50kHz, even when attacking multi-GHz CPUs, thus allowing us to utilize new channels, as well as inexpensive and readily available hardware.
International Business Times
Their previous side-channel attack, from 2014, worked by just touching a laptop while wearing an anti-static wristband. The wristband measures all the tiny changes in the ground electrical potential, which can reveal even stronger encryption keys, such as a 4,096-bit RSA key.
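The root cause behind both attacks above is that a naive modular exponentiation performs a different sequence of operations depending on each secret key bit, so any physical signal that tracks the CPU's work (power draw, coil whine, ground potential) becomes a trace of the key. The following is an added illustration, not code from the paper or the article, using tiny constructed toy numbers: it shows that the operation trace of square-and-multiply decodes directly back into the exponent, while a Montgomery ladder emits the same trace for every key.

```python
# Added illustration (not from the paper or the article): why a computation-
# dependent physical signal leaks the RSA private exponent, and a classic
# mitigation. Toy numbers (mod 3233, base 42) are constructed for the demo.

def naive_modexp(base, exp, mod, trace):
    """Left-to-right square-and-multiply. Appends 'S' per squaring and 'M' per
    multiply; the 'M' steps happen only for exponent bits that are 1."""
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        if bit == "1":
            result = (result * base) % mod
            trace.append("M")
    return result

def ladder_modexp(base, exp, mod, trace):
    """Montgomery ladder: exactly one multiply and one squaring per bit, so the
    operation sequence is independent of the key. (Which register is squared
    still depends on the bit, so a real implementation must also keep memory
    access patterns uniform; the operation trace alone no longer leaks.)"""
    r0, r1 = 1, base % mod          # invariant: r1 == r0 * base (mod mod)
    for bit in bin(exp)[2:]:
        if bit == "1":
            r0 = (r0 * r1) % mod
            r1 = (r1 * r1) % mod
        else:
            r1 = (r0 * r1) % mod
            r0 = (r0 * r0) % mod
        trace.append("M")
        trace.append("S")
    return r0

def key_from_trace(trace):
    """Decode a square-and-multiply trace: an 'S' followed by 'M' is a 1 bit,
    an 'S' followed by another 'S' (or the end) is a 0 bit."""
    bits, i = [], 0
    while i < len(trace):
        if i + 1 < len(trace) and trace[i + 1] == "M":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2)

def traces_for(exp, mod=3233, base=42):
    """Return (naive_trace, ladder_trace) for a toy exponent."""
    naive, ladder = [], []
    naive_modexp(base, exp, mod, naive)
    ladder_modexp(base, exp, mod, ladder)
    return naive, ladder
```

Running `traces_for(45)` shows the naive trace `S M S S M S M S S M`, which `key_from_trace` turns back into 45, while the ladder trace is the same `M S` pattern for any 6-bit exponent.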