Author Topic: something interesting I found...  (Read 2548 times)

0 Members and 1 Guest are viewing this topic.

Offline smashedProtonTopic starter

  • Frequent Contributor
  • **
  • Posts: 641
  • Country: us
something interesting I found...
« on: December 20, 2013, 01:41:59 am »
http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf

Above is an article I found on acoustic hacking.  apparently you can use a listening device or a compromised mobile device to listen to the inductors on a computer motherboard to get an idea on the type of operation that the cpu is doing.  Personally I think that it is total bullshit, and that you could do much more fun things with physical access than that.  any thoughts?
http://www.garrettbaldwin.com/

Invention, my dear friends, is 93% perspiration, 6% electricity, 4% evaporation, and 2% butterscotch ripple.
 

Offline c4757p

  • Super Contributor
  • ***
  • Posts: 7799
  • Country: us
  • adieu
Re: something interesting I found...
« Reply #1 on: December 20, 2013, 01:48:56 am »
Quote
Eavesdropping en masse. In a setting where multiple devices are placed in proximity, such as a server
room, an attacker could compromise some device equipped with a microphone. The software would then
record the neighboring devices, disambiguate their (typically distinct) acoustic signatures, and mount
attacks on each of them. After transmitting the findings, the attack software would self-erase, leaving
no anomalous evidence in hardware.

IMO, the idea that a compromised computer could eavesdrop on another computer from which it is air-gap isolated is significant.
No longer active here - try the IRC channel if you just can't be without me :)
 

Online Vgkid

  • Super Contributor
  • ***
  • Posts: 2727
  • Country: us
Re: something interesting I found...
« Reply #2 on: December 20, 2013, 01:57:15 am »
This sounds like total BS, fans are louder than anything else inside a compter.
If you own any North Hills Electronics gear, message me. L&N Fan
 

Offline c4757p

  • Super Contributor
  • ***
  • Posts: 7799
  • Country: us
  • adieu
Re: something interesting I found...
« Reply #3 on: December 20, 2013, 02:00:20 am »
This sounds like total BS, fans are louder than anything else inside a compter.

But at a different point in the spectrum. An FFT can recover shockingly small amounts of data from shockingly large amounts of noise...
No longer active here - try the IRC channel if you just can't be without me :)
 

Offline Hypernova

  • Supporter
  • ****
  • Posts: 655
  • Country: tw
Re: something interesting I found...
« Reply #4 on: December 20, 2013, 04:44:36 am »
Side channel attacks like this can't work if the power circuit is powering multiple devices. Existing techniques tend to involve probing Vcc current of individual chips. Either way modern crypto chips already have dummy load circuits built in to prevent this kind of attack.
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 16384
  • Country: za
Re: something interesting I found...
« Reply #5 on: December 20, 2013, 04:55:52 am »
It will be doable on a single threaded computer running a single task, with absolutely nothing running in the background. If you have a typical computer, with hundreds of processes all sharing the CPU time on multiple cores then the typical noise will bury the data you want in random noise which is uncorrelated, and thus not filterable.
 

Offline codeboy2k

  • Super Contributor
  • ***
  • Posts: 1836
  • Country: ca
Re: something interesting I found...
« Reply #6 on: December 20, 2013, 09:26:26 am »
Academics like to write papers, and they employ themselves this way, with grant money from where ever they can get it.

This type of research takes months, maybe years, and culminates in the linked paper, and frankly I find it interesting as well as useful research.
It may not work outside of a controlled environment, but rest-assured they have researched it and it works, and then it's worth publishing.

I do find it interesting that they can gain insight into the victims private RSA key using their techniques... which is to send chosen text to the victim encrypted with the victim's public key, and have them open it (i.e. email) and decrypt it with their private key, then listen to the PC to gain insight into the private key to feed to their cryptoanalysis.  The goal is to reduce the search space, and they seem to have been able to do that.

So maybe the TV shows where the secret agent puts his secret device near the bad-guy's PC and can get a password in real time is not science fiction after all :)
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf