The authors can identify the pattern of vibrations in a laptop caused by the repetitive operations of the RSA algorithm. It seems mitigated by the fact that it takes an hour of listening to the laptop doing RSA decryptions over and over again. I would never have guessed that RSA made that distinctive an acoustic pattern.
In the 90s, I worked on a Sun4 workstation with my headphones plugged into the chassis. The headphone cable lay parallel to the monitor cable, and I found that the induced current in the headphone cable let me hear distinctive patterns of graphic data being rendered on screen. E.g. I could hear when I was using Ximtool (astronomical image display from IRAF – http://iraf.noao.edu/). So, I guess this is not that far-fetched.
Originally shared by Robert Love
Winner of most fascinating and most scary thing of the day: RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis by the S in RSA.
This was first discussed in 2004 but is now practical, not theoretical:
“Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG’s current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.”
Fixed in GnuPG 1.4.16 and 2.x via https://en.wikipedia.org/wiki/Blinding_(cryptography).