A nearby phone is all it takes to break a powerful encryption technique, according to Israeli researchers.
We all know the noises computers make — the whir of a fan, the whine of a hard drive spinning up, the barely-audible sound of a processor hard at work. But these noises do more than tell you your PC is working — researchers have shown that by listening in with a common mobile phone, they can break the computer's powerful encryption methods.
The research, done by several Israeli security experts, sounds like the stuff of science fiction. And it's true, a microphone that could hear millions of nano-sized transistors switching on and off would be science fiction. But in fact, this clever technique is rather old-school and analog.
Computers make many noises, but only a few were interesting to the team. While listening to the CPU is impossible, one can listen to the many capacitors and coils that regulate the electrical current powering the CPU. When the processor is hard at work, the power consumption goes up — and the sound changes. When the processor idles, the opposite happens.
By feeding the computer a specially prepared encrypted file, the researchers can control how hard it's working at any given time. The specifics are extremely complicated, but think of it this way: In decoding the file, the computer may take such-and-such a time at so-and-so a CPU usage level to figure out an "A," due to how heavily the 1s and 0s that make it up are encoded. "B," or "7," or any other given character would likewise have a sort of "signature sound." With enough time, the listener can reconstruct the secret encryption key that the computer is using to decode the data.
Lots of careful analysis yields clear data showing when certain information is being decoded by the computer.
It's shown that this type of attack can be done with a phone placed near the target or a more powerful microphone further away ... but sound isn't the only way to get that information.
Those tiny electrical fluctuations can also be detected on any exposed conductive surface of the computer. Incredibly, "a suitably-equipped attacker need merely touch the target computer with his bare hand," write the researchers. Those minute changes could then be detected by hidden voltage monitor in contact with his skin.
Should you be worried about super-powered hackers breaking into your device with this complex technique? Right now it's only been proven in a few highly controlled situations, so you're better off worrying about garden-variety malware and phishing. But such exotic techniques may become more common in the future if we can't figure out how to make our computers simmer down a bit.
If you're interested in the more technical aspects of the hack, you can read the paper describing it. The authors are Daniel Genkin and Eran Tromer of Tel Aviv University and Adi Shamir of the Wizmann Institute of Science.
Devin Coldewey is a contributing writer for NBC News Digital. His personal website is coldewey.cc.
First published December 19 2013, 1:08 PM