![]() ![]() They were able to extract data using ground fluctuations on the computers chassis. Once they had the basic methods down, explored other attack vectors. The complete technical details of the attack vector are available in their final paper (pdf link). By using this information, and some very detailed spectral analysis, the team was able to extract encryption keys. The signature changes slightly depending on the data the processor is operating on. As each opcode is run, a sound signature is produced. They worked from there all the way down to the individual opcodes running on the x86 processor in the target PC. By directing the microphone at the processor air vents, they were able to extract enough sound to proceed with their attack. started from the source of GnuPG. ![]() The target machine in this case runs a copy of GNU Privacy Guard (GnuPG).ĭuring most of their testing, the team used some very high-end audio equipment, including Brüel & Kjær laboratory grade microphones and a parabolic reflector. The sound used to decode the encryption keys is produced not by the processor itself, but by the processor’s power supply, mainly the capacitors and coils. The group first described this attack vector at Eurocrypt 2004. It may sound a bit like magic, but this is a real attack – although it’s practicality may be questionable. , students researchers at Tel Aviv University and the Weizmann Institute of Science have successfully extracted 4096-bit RSA encryption keys using only the sound produced by the target computer. Posted in Microcontrollers, Security Hacks Tagged blue pill, GNU Privacy Guard, gpg, security token, stm32, Yubikey More evidence of what the dedicated individual can accomplish these days on a relatively limited budget. While it’s not exactly a common project, this isn’t the first time we’ve seen somebody spin up their own hardware token. While the sides are still open, the device looks robust enough to handle life in a laptop bag at least. An upper PCB, containing the status LEDs and touch pad, was then designed so it would fit over the main board as an enclosure of sorts. The original Micro USB port was also swapped for a male USB-A connector so the device could be plugged directly into a computer. To create his “TurtleAuth” dongle, started with the basic layout of the Blue Pill and added in a TTP223E touch control IC. The output of gpg -card-status showed the device was working as expected, so with the software sorted, it was time to take a closer look at the hardware. The ST-Link V2 was already a supported target, so it only took some relatively minor tweaks to get running and add support for a simple push button. The first step was to test the software out on the popular “Blue Pill” development board, which documents in the write-up should anyone want to give it a try themselves. All he had to do was build a suitable device to install it on. He found an open source project allows the STM32F103 to act as a USB cryptographic token for GNU Privacy Guard, which was a start. He earned an MA in Digital Media from London Metropolitan University during the pandemic and in his free time publishes a music webzine, The Agit Reader.Feeling the cost of commercial options like the YubiKey and Nitrokey were too high, started researching DIY alternatives. News and World Report, he has written for such publications as Popular Mechanics, Digital Trends, and TechRadar. Stephen Slaybaugh is a writer with more than 10 years of experience covering consumer tech. News, Kinney worked as a reporter and editor for Bloomberg, LexisNexis, and other news organizations covering legal and regulatory issues, with a focus on technology-related matters. He currently focuses on consumer electronics and personal security services for 360 Reviews. News & World Report in 2019, where he was instrumental in launching the company's 360 Reviews vertical. Jeff Kinney began working as an editor for U.S. If you have a question that hasn’t been answered in one of our guides, send an email to and we’ll do our best to help. Our privacy and technology team has done countless hours of research on all sorts of consumer technology products and services. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |