7

This 2015 Wired article claims it is possible to use a remote device to determine a key used during decryption by sampling the radio emissions from the processor at 100kHz

They also claim that by:

tricking the target into decrypting a carefully chosen message, they were able to “twist the algorithm’s arm” into leaking more sensitive information, creating more clues in the leaked emanations for their PITA radio to pick up.

Even with this condition, it seems unlikely for a modern processor to emit enough radio noise such that a device can get meaningful info. But I'm not an electrical engineer

Oddthinking
  • 140,378
  • 46
  • 548
  • 638
Akash
  • 199
  • 5

1 Answers1

4

In 2013, this (unpeer-reviewed) paper, RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis demonstrated a similar method, using acoustic noise, and argue that electrical potential could also be used. (They don't use electrical noise.)

It shares two of the same co-authors as the paper cited by Wired, so it is basically the same research team.

It was written up by Slashdot.

Gnupg fixed the issue http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html

exussum
  • 177
  • 5
  • 4
    During my edit, I looked at the paper. It doesn't address electrical noise. Given it is the same research team, it doesn't seem to add much confidence to the claim. This is not an independently-reproduced experimental result, but merely another unconfirmed claim from the same people. – Oddthinking Jun 24 '15 at 02:04
  • 1
    I would argue not unconfirmed as there was a new release of software because of this. If it was unfounded there would be no code to fix – exussum Jun 25 '15 at 21:51
  • 2
    That's an unsafe argument; the fix may have been political or for the "optics". It also doesn't explain how they were allegedly able to reproduce the same issue in electrical noise, when the alleged solution should have fixed it. – Oddthinking Jun 26 '15 at 02:23