something interesting I found...

[smashedProton]

http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf

Above is an article I found on acoustic hacking.  apparently you can use a listening device or a compromised mobile device to listen to the inductors on a computer motherboard to get an idea on the type of operation that the cpu is doing.  Personally I think that it is total bullshit, and that you could do much more fun things with physical access than that.  any thoughts?

[c4757p]

Eavesdropping en masse. In a setting where multiple devices are placed in proximity, such as a server
room, an attacker could compromise some device equipped with a microphone. The software would then
record the neighboring devices, disambiguate their (typically distinct) acoustic signatures, and mount
attacks on each of them. After transmitting the findings, the attack software would self-erase, leaving
no anomalous evidence in hardware.

IMO, the idea that a compromised computer could eavesdrop on another computer from which it is air-gap isolated is significant.

[Vgkid]

This sounds like total BS, fans are louder than anything else inside a compter.

[c4757p]

This sounds like total BS, fans are louder than anything else inside a compter.

But at a different point in the spectrum. An FFT can recover shockingly small amounts of data from shockingly large amounts of noise...

[Hypernova]

Side channel attacks like this can't work if the power circuit is powering multiple devices. Existing techniques tend to involve probing Vcc current of individual chips. Either way modern crypto chips already have dummy load circuits built in to prevent this kind of attack.

[SeanB]

It will be doable on a single threaded computer running a single task, with absolutely nothing running in the background. If you have a typical computer, with hundreds of processes all sharing the CPU time on multiple cores then the typical noise will bury the data you want in random noise which is uncorrelated, and thus not filterable.

[codeboy2k]

Academics like to write papers, and they employ themselves this way, with grant money from where ever they can get it.

This type of research takes months, maybe years, and culminates in the linked paper, and frankly I find it interesting as well as useful research.
It may not work outside of a controlled environment, but rest-assured they have researched it and it works, and then it's worth publishing.

I do find it interesting that they can gain insight into the victims private RSA key using their techniques... which is to send chosen text to the victim encrypted with the victim's public key, and have them open it (i.e. email) and decrypt it with their private key, then listen to the PC to gain insight into the private key to feed to their cryptoanalysis.  The goal is to reduce the search space, and they seem to have been able to do that.

So maybe the TV shows where the secret agent puts his secret device near the bad-guy's PC and can get a password in real time is not science fiction after all