So a hacker group managed to retrieve a GPG key by listening to the tiny sounds coming from a processor while it was doing the crypto operations right? From what I remember the range in that case wasn't bad, and you just needed to have the microphone close to the computer, not even inside it.
This is what's terrifying to me: every laptop has a microphone, every phone does too, and they both have processors. If in the GPG experiment, they didn't even need to have the microphone in the computer, imagine how much more reliable it'd be if it were. It seems to me it would be really easy to get the key from the system's encrypted drive just by turning on its internal microphone while it's doing crypto. Wouldn't it?
Can this be generalized to any processor operation? For example, if you were on a voice chat and you were reading a confidential file from disk, would the other party potentially be able to get parts of that file from the audio alone?
I definitely hear noises from my laptop when I do something like reading files. I think this is coil whine from the VRM, but I do wonder if that's enough to get information since power analysis is a thing, or if the processor sounds is also in there, waiting to be decoded.
[link] [comments]
from hacking: security in practice https://ift.tt/3qPCerU
Comments
Post a Comment