[guardian-dev] Smartphones: Acoustic Key Breakers
Nathan of Guardian
nathan at guardianproject.info
Wed Dec 18 10:36:47 EST 2013
>From GnuPG:
http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html
"The second attack is more serious. It is an adaptive chosen ciphertext
attack to reveal the private key. A possible scenario is that the
attacker places a sensor (for example a standard smartphone) in the
vicinity of the targeted machine. That machine is assumed to do
unattended RSA decryption of received mails, for example by using a mail
client which speeds up browsing by opportunistically decrypting mails
expected to be read soon. While listening to the acoustic emanations of
the targeted machine, the smartphone will send new encrypted messages to
that machine and re-construct the private key bit by bit. A 4096 bit
RSA key used on a laptop can be revealed within an hour."
More information about the Guardian-dev
mailing list