Do you have adblock enabled?
 
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Extreme Tech)   Turns out the heavy encryption everyone ran to after the NSA revelations can be broken with a stethoscope   (extremetech.com ) divider line
    More: Fail, processors, NSA, Rammstein, RSA, encryption  
•       •       •

4306 clicks; posted to Geek » on 19 Dec 2013 at 5:18 PM (2 years ago)   |   Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



74 Comments     (+0 »)
 
View Voting Results: Smartest and Funniest


Oldest | « | 1 | 2 | » | Newest | Show all

 
2013-12-19 04:29:25 PM  
Take up thy stethoscope and crack.
 
2013-12-19 05:22:49 PM  
funny how the highest tech stuff can be defeated by something you'd see in a re-run of MacGyver.
 
2013-12-19 05:25:25 PM  

Grand_Moff_Joseph: funny how the highest tech stuff can be defeated by something you'd see in a re-run of MacGyver.


A bad mullet and worse acting?
 
2013-12-19 05:25:58 PM  
I'm guessing the hoops one has to go through to do this, would make this attack vector all but impossible to accomplish in the wild.
 
2013-12-19 05:26:37 PM  
It isn't hard to implement, but it isn't easy to understand the data being given to you. While this side channel attack is cool, I certainly don't expect it to be widespread, plus it can be easily defeated with a white noise generator that runs in the 10-150 KHz range. Also sound proofing works too.

I would be interested to check out the sound readings in a colo facility though, I wonder if there is so much background noise in that range that you couldn't distinguish your target.
 
2013-12-19 05:29:17 PM  

Quantum Apostrophe: A bad mullet and worse acting?


What are you talking about? That mullet was glorious.

Of all the mullets in the world, one would be hard pressed to find a finer specimen.
 
2013-12-19 05:31:23 PM  
In WW2, the Nazi's Enigma encryption was eventually broken and with computers not even as powerful as the weakest desktop and by people who didn't have any of the tools we have currently. What makes anyone think any encryption nowadays is secure?
 
2013-12-19 05:39:57 PM  
FTA: "If you want to keep your data secure, you only really have two viable options: Heavy-duty encryption, physical security, and ideally both at the same time. "

Isn't that three options?

Interesting read, though.
 
2013-12-19 05:42:43 PM  

skinink: In WW2, the Nazi's Enigma encryption was eventually broken and with computers not even as powerful as the weakest desktop and by people who didn't have any of the tools we have currently. What makes anyone think any encryption nowadays is secure?


Because the enigma code was created with computes not even as etcetera etcetera and so on.
 
2013-12-19 05:45:27 PM  

skinink: In WW2, the Nazi's Enigma encryption was eventually broken and with computers not even as powerful as the weakest desktop and by people who didn't have any of the tools we have currently. What makes anyone think any encryption nowadays is secure?


Because SCIENCE!
 
2013-12-19 05:46:11 PM  

skinink: In WW2, the Nazi's Enigma encryption was eventually broken and with computers not even as powerful as the weakest desktop and by people who didn't have any of the tools we have currently. What makes anyone think any encryption nowadays is secure?


The only encryption technique that is uncrackable is the single-pad cipher. Quantum encryption can do that, though you still have to be wary of people eavesdropping and picking up the cipher as you're transmitting it.
 
2013-12-19 05:48:40 PM  

impaler: I'm guessing the hoops one has to go through to do this, would make this attack vector all but impossible to accomplish in the wild.


This. If someone can be 12 feet away from you while you working on your computer while engaged in life or death stuff you have far bigger problem than this hack.
 
2013-12-19 05:50:29 PM  
Two things if you're that worried:

Faraday cage
Pink / White noise generator

What? You don't have your computer and peripherals in a faraday cage?

/neither do I
 
2013-12-19 05:52:49 PM  

impaler: I'm guessing the hoops one has to go through to do this, would make this attack vector all but impossible to accomplish in the wild.


Offering the cracked, and infected, version of a popular, paid app?
 
2013-12-19 05:53:57 PM  

skinink: In WW2, the Nazi's Enigma encryption was eventually broken and with computers not even as powerful as the weakest desktop and by people who didn't have any of the tools we have currently. What makes anyone think any encryption nowadays is secure?


The major problem with Enigma was not the encryption protocol itself, it was the lack of communications discipline among German operators. Cracking Enigma would have been far, far tougher if it had been used properly.
 
2013-12-19 05:59:32 PM  
If the police are listening to your CPU with a stethoscope, you're pretty analed no matter what.
 
2013-12-19 06:00:47 PM  

qorkfiend: skinink: In WW2, the Nazi's Enigma encryption was eventually broken and with computers not even as powerful as the weakest desktop and by people who didn't have any of the tools we have currently. What makes anyone think any encryption nowadays is secure?

The major problem with Enigma was not the encryption protocol itself, it was the lack of communications discipline among German operators. Cracking Enigma would have been far, far tougher if it had been used properly.


http://en.wikipedia.org/wiki/Enigma_machine

"German military texts enciphered on the Enigma machine were first broken by the Polish Cipher Bureau, beginning in December 1932. This success was a result of efforts by three Polish cryptologists, Marian Rejewski, Jerzy Różycki and Henryk Zygalski, working for Polish military intelligence. Rejewski "reverse-engineered" the device, using theoretical mathematics and material supplied by French military intelligence. "
 
2013-12-19 06:02:05 PM  
impaler: I'm guessing the hoops one has to go through to do this, would make this attack vector all but impossible to accomplish in the wild.

For now.

worlddan: This. If someone can be 12 feet away from you while you working on your computer while engaged in life or death stuff you have far bigger problem than this hack.

You mean like in a black van, parked out on the street, with a parabolic mic aimed at your window :P
 
2013-12-19 06:04:05 PM  
encrypted-tbn1.gstatic.com

/oblig, surprised it wasn't posted earlier
 
2013-12-19 06:07:00 PM  

skinink: In WW2, the Nazi's Enigma encryption was eventually broken and with computers not even as powerful as the weakest desktop and by people who didn't have any of the tools we have currently. What makes anyone think any encryption nowadays is secure?


Enigma was partially security through obscurity. What gives us confidence in our encryption schemes of today is that the ones we use are entirely open specs, subject to the scrutiny of brilliant mathematicians and codebreakers the world over... and nobody has found any serious problems.
 
2013-12-19 06:07:21 PM  

skinink: qorkfiend: skinink: In WW2, the Nazi's Enigma encryption was eventually broken and with computers not even as powerful as the weakest desktop and by people who didn't have any of the tools we have currently. What makes anyone think any encryption nowadays is secure?

The major problem with Enigma was not the encryption protocol itself, it was the lack of communications discipline among German operators. Cracking Enigma would have been far, far tougher if it had been used properly.

http://en.wikipedia.org/wiki/Enigma_machine

"German military texts enciphered on the Enigma machine were first broken by the Polish Cipher Bureau, beginning in December 1932. This success was a result of efforts by three Polish cryptologists, Marian Rejewski, Jerzy Różycki and Henryk Zygalski, working for Polish military intelligence. Rejewski "reverse-engineered" the device, using theoretical mathematics and material supplied by French military intelligence. "


You think they just reverse-engineered it from scratch? Or do you think they was given several dozen hints by the way the German operators used it?
 
2013-12-19 06:12:49 PM  
gifrific.com
 
2013-12-19 06:22:23 PM  

qorkfiend: skinink: qorkfiend: skinink: In WW2, the Nazi's Enigma encryption was eventually broken and with computers not even as powerful as the weakest desktop and by people who didn't have any of the tools we have currently. What makes anyone think any encryption nowadays is secure?

The major problem with Enigma was not the encryption protocol itself, it was the lack of communications discipline among German operators. Cracking Enigma would have been far, far tougher if it had been used properly.

http://en.wikipedia.org/wiki/Enigma_machine

"German military texts enciphered on the Enigma machine were first broken by the Polish Cipher Bureau, beginning in December 1932. This success was a result of efforts by three Polish cryptologists, Marian Rejewski, Jerzy Różycki and Henryk Zygalski, working for Polish military intelligence. Rejewski "reverse-engineered" the device, using theoretical mathematics and material supplied by French military intelligence. "

You think they just reverse-engineered it from scratch? Or do you think they was given several dozen hints by the way the German operators used it?


I dunno. You provide a reference if you think the Polish code crackers did it your way. I just go by what I found on light research. I'm not going to guess about other methods.
 
2013-12-19 06:35:20 PM  

skinink: qorkfiend: skinink: qorkfiend: skinink: In WW2, the Nazi's Enigma encryption was eventually broken and with computers not even as powerful as the weakest desktop and by people who didn't have any of the tools we have currently. What makes anyone think any encryption nowadays is secure?

The major problem with Enigma was not the encryption protocol itself, it was the lack of communications discipline among German operators. Cracking Enigma would have been far, far tougher if it had been used properly.

http://en.wikipedia.org/wiki/Enigma_machine

"German military texts enciphered on the Enigma machine were first broken by the Polish Cipher Bureau, beginning in December 1932. This success was a result of efforts by three Polish cryptologists, Marian Rejewski, Jerzy Różycki and Henryk Zygalski, working for Polish military intelligence. Rejewski "reverse-engineered" the device, using theoretical mathematics and material supplied by French military intelligence. "

You think they just reverse-engineered it from scratch? Or do you think they was given several dozen hints by the way the German operators used it?

I dunno. You provide a reference if you think the Polish code crackers did it your way. I just go by what I found on light research. I'm not going to guess about other methods.


A lot of it was mathematical work, but they had a lot of help from German mistakes and bad practices.
 
2013-12-19 06:39:49 PM  

Adolf Hipster: FTA: "If you want to keep your data secure, you only really have two viable options: Heavy-duty encryption, physical security, and ideally both at the same time. "

Isn't that three options?

Interesting read, though.


Three! Three options! Heavy-duty encryption, physical security, both at the same time, and an almost fanatical devotion to the pope.

/I'll come in again.
 
2013-12-19 06:45:14 PM  

qorkfiend: You think they just reverse-engineered it from scratch? Or do you think they was given several dozen hints by the way the German operators used it?


They had access to enigma machines. It was sold to the public before the war IIRC. Granted, it used a different coding scheme, but 'how it worked' was known.

It's been 10 years since I've read up on the subject. I could be way off.
 
2013-12-19 07:20:53 PM  
I'm still behind 7 proxies anyway. Suck it.
 
2013-12-19 07:38:48 PM  

worlddan: impaler: I'm guessing the hoops one has to go through to do this, would make this attack vector all but impossible to accomplish in the wild.

This. If someone can be 12 feet away from you while you working on your computer while engaged in life or death stuff you have far bigger problem than this hack.


You misunderstand. Imagine that a higher up at some three letter agency checks their email while at Starbucks. Nothing particularly life and death, just seeing if the new meeting agenda is out or whatever. Now, their password is compromised from the next table over. A few weeks later, when they are writing something sensitive, at work, it's seen by the FSB. Ta-da.
 
2013-12-19 07:59:30 PM  

impaler: qorkfiend: You think they just reverse-engineered it from scratch? Or do you think they was given several dozen hints by the way the German operators used it?

They had access to enigma machines. It was sold to the public before the war IIRC. Granted, it used a different coding scheme, but 'how it worked' was known.

It's been 10 years since I've read up on the subject. I could be way off.


IIRC, the German operators had a habit of reusing the same initial rotor position. That coupled with the fact that there was often the same sign off I the message (i.e. HH for Heil Hitler) gave some massive hints.

/it's also been a while since I read about it.
 
2013-12-19 08:01:31 PM  

Pinko_Commie: impaler: qorkfiend: You think they just reverse-engineered it from scratch? Or do you think they was given several dozen hints by the way the German operators used it?

They had access to enigma machines. It was sold to the public before the war IIRC. Granted, it used a different coding scheme, but 'how it worked' was known.

It's been 10 years since I've read up on the subject. I could be way off.

IIRC, the German operators had a habit of reusing the same initial rotor position. That coupled with the fact that there was often the same sign off I the message (i.e. HH for Heil Hitler) gave some massive hints.

/it's also been a while since I read about it.


The allies also just started doing really, really clever stuff.

They eventually figured out a german U-boat, if it detected a depth charge, would send a message with the heading of the attempted depth-charging from them, out via radio.

So it got to the point where Allies would drop depths charges *that would purposefully be too far away to hit submarines they knew were there*, in order to get both a ciphertext and a plaintext nigh immediately.
 
2013-12-19 08:02:52 PM  
From the sounds of it, this technique would only work if the *only* thing your CPU was doing was the encryption / decryption. If you were playing games or something similar to inject "noise" into the CPU load, that would probably make this technique impossible.

Or just run a BOINC project and make sure the CPU load is always 100%.
 
2013-12-19 08:34:35 PM  

ZZ9 Plural Z Alpha: skinink: qorkfiend: skinink: qorkfiend: skinink: In WW2, the Nazi's Enigma encryption was eventually broken and with computers not even as powerful as the weakest desktop and by people who didn't have any of the tools we have currently. What makes anyone think any encryption nowadays is secure?

The major problem with Enigma was not the encryption protocol itself, it was the lack of communications discipline among German operators. Cracking Enigma would have been far, far tougher if it had been used properly.

http://en.wikipedia.org/wiki/Enigma_machine

"German military texts enciphered on the Enigma machine were first broken by the Polish Cipher Bureau, beginning in December 1932. This success was a result of efforts by three Polish cryptologists, Marian Rejewski, Jerzy Różycki and Henryk Zygalski, working for Polish military intelligence. Rejewski "reverse-engineered" the device, using theoretical mathematics and material supplied by French military intelligence. "

You think they just reverse-engineered it from scratch? Or do you think they was given several dozen hints by the way the German operators used it?

I dunno. You provide a reference if you think the Polish code crackers did it your way. I just go by what I found on light research. I'm not going to guess about other methods.

A lot of it was mathematical work, but they had a lot of help from German mistakes and bad practices.


Yeah, they'd use keys that matched like "ber" to "lin."
 
2013-12-19 08:49:34 PM  

cannotsuggestaname: It isn't hard to implement, but it isn't easy to understand the data being given to you. While this side channel attack is cool, I certainly don't expect it to be widespread, plus it can be easily defeated with a white noise generator that runs in the 10-150 KHz range. Also sound proofing works too.

I would be interested to check out the sound readings in a colo facility though, I wonder if there is so much background noise in that range that you couldn't distinguish your target.


i.imgur.com
 
2013-12-19 08:50:50 PM  
It's worst than that. I've heard that the NSA can decrypt your data by watching your fingers on the keyboard as they type in your password.

/Setec Astronomy
 
2013-12-19 10:05:16 PM  
Between this and the malware communicating across an air gap with ultrasonics, I'm beginning to think security researchers are starting to troll us for the lulz.
 
2013-12-19 10:06:55 PM  

ChubbyTiger: You misunderstand. Imagine that a higher up at some three letter agency checks their email while at Starbucks. Nothing particularly life and death, just seeing if the new meeting agenda is out or whatever. Now, their password is compromised from the next table over. A few weeks later, when they are writing something sensitive, at work, it's seen by the FSB. Ta-da.


Anyone who engages in the practices you mention should be fired. This is the same attitude that got the Harvard guy caught--the belief that encryption alone can save one's ass. It can't. Encryption only has utility when it is used in connection with all the factors and practices that make up good operational security. Otherwise, encryption is nothing more than leading a lamb to the slaughter,

This is precisely the reason I am opposed to Tor being publicly available--all it does is trick the innocent into thinking they have more protection when they really do. Same here. For anyone practicing good operational security this hack isn't worth the paper it is written on. It's only go to catch the low hanging fruit, if that.
 
2013-12-19 10:09:08 PM  
If you think you're doing heavy encryption on a CPU, you aren't doing heavy encryption.
 
2013-12-19 10:25:06 PM  

MurphyMurphy: [gifrific.com image 245x285]


If Linus Torvalds wanted to lecture me about operating systems, I'd listen.  If Sergey Brin wanted to clear up a mis-conception I had about search engines, I'd listen.   If Gordon Ramsey said my soup was too salty, I'd listen.   This guy is the S in the RSA encryption algorithm.   I'm at least going to hear him out.
 
2013-12-19 10:26:17 PM  
just use a multicore cpu, and run a bitcoin miner and a md5 hash on your raw hard disk data, a few gzips and the like at the same time you do you pgp decode.

Its not like your computer is Tempest certified anyway.
 
2013-12-19 10:28:45 PM  

skinink: In WW2, the Nazi's Enigma encryption was eventually broken and with computers not even as powerful as the weakest desktop and by people who didn't have any of the tools we have currently. What makes anyone think any encryption nowadays is secure?


From a pure crypto-theory standpoint (ignoring side-channel attacks like this), there's a huge difference between modern encryption and the Enigma. We understand the power and limitations of computers today in a way that maybe a handful of people had even started to consider during WWII, and as a result we know the strength and limitations of encryption schemes very well. All of our modern knowledge says that modern encryption is *practically* unbreakable, unless we have fundamentally misunderstood computers at a very deep level.

I'm no expert, but I've *never* heard of any significant attack that involved breaking modern codes. Virtually all modern "hacking" involves exploiting people in order to circumvent encryption, not breaking the encryption itself.

Essentially, unless you're a governmental entity or a huge company with millions or billions of dollars at stake, encryption is a solved problem for you.
 
2013-12-19 10:38:26 PM  

worlddan: This is precisely the reason I am opposed to Tor being publicly available


Then how is the government supposed to find a pool of random traffic to help shield their communications from traffic analysis?

i.imgur.com
 
2013-12-19 11:07:47 PM  
I expect we'll see this commonly from the industrial espionage crowd fairly soon.  A smart phone with a decent microphone can pick up enough signal from about 1 foot away.  The researchers actually covered a lot of this ground.

Cheers.

//See a better write up at  http://arstechnica.com/security/2013/12/new-attack-steals-e-mail-decr y ption-keys-by-capturing-computer-sounds/
 
2013-12-19 11:53:19 PM  

qorkfiend: The major problem with Enigma was not the encryption protocol itself, it was the lack of communications discipline among German operators. Cracking Enigma would have been far, far tougher if it had been used properly.


Didn't the Germans sign most of their communiques "Heil Hitler" at the end?
 
2013-12-19 11:57:15 PM  
RSA has not been secure for some time now.

Why go through the hassle when similar low-tech provides for  http://en.wikipedia.org/wiki/Van_Eck_phreaking - which has been expanded to include flat panels as well...
 
2013-12-20 12:01:05 AM  

SurfaceTension: qorkfiend: The major problem with Enigma was not the encryption protocol itself, it was the lack of communications discipline among German operators. Cracking Enigma would have been far, far tougher if it had been used properly.

Didn't the Germans sign most of their communiques "Heil Hitler" at the end?


Yep. PEBKAC has been around for a long time.
 
2013-12-20 12:49:05 AM  

Pinko_Commie: IIRC, the German operators had a habit of reusing the same initial rotor position. That coupled with the fact that there was often the same sign off I the message (i.e. HH for Heil Hitler) gave some massive hints.

/it's also been a while since I read about it.


Yep, that was another thing, IIRC.

But there are so many IIRCs going around here, we could be talking about Ovaltine decoders.
 
2013-12-20 12:58:00 AM  

Fubini: skinink: In WW2, the Nazi's Enigma encryption was eventually broken and with computers not even as powerful as the weakest desktop and by people who didn't have any of the tools we have currently. What makes anyone think any encryption nowadays is secure?

From a pure crypto-theory standpoint (ignoring side-channel attacks like this), there's a huge difference between modern encryption and the Enigma. We understand the power and limitations of computers today in a way that maybe a handful of people had even started to consider during WWII, and as a result we know the strength and limitations of encryption schemes very well. All of our modern knowledge says that modern encryption is *practically* unbreakable, unless we have fundamentally misunderstood computers math at a very deep level.

I'm no expert, but I've *never* heard of any significant attack that involved breaking modern codes. Virtually all modern "hacking" involves exploiting people in order to circumvent encryption, not breaking the encryption itself.

Essentially, unless you're a governmental entity or a huge company with millions or billions of dollars at stake, encryption is a solved problem for you.


FTFY, also agreed. The article is evidence of this. What's considered and exploit, is the ability to be able to listen to the power supply, as it decrypts a bunch of known text using known software. Ones ability to do this in the wild is astronomical, but the odds of it being successful are so much greater than the theoretical odds of doing it mathematically, it's literally considered an "exploit".
 
2013-12-20 01:01:27 AM  

impaler: What's considered and exploit


What's considered AN exploit...

I read that 5 times, and only caught it 4 seconds after actually posting it.

Come on fark, at least give us a 5 minute window for edits!

Or don't. Forces us to be diligent.
 
2013-12-20 02:29:51 AM  
Honestly if you had the access to use this side channel attack, then why would you not just use a keylogger?  Plus this is way too easy to defeat by either having background noise (perhaps white noise) or if your CPU was also doing other tasks.  I mean if this was ever considered a serious security concern, encryption/decryption software could AUTOMATICALLY do random math as well.

This was nothing but an exercise to see if it can be done in theory.  This is just not practical.

And no in case anyone is wondering - this attack will also not help anyone crack open your encrypted file system without YOU putting in the password.  Despite me typing this, I am sure I will see plenty of people who do not understand encryption in the least tell everyone how "they" can crack anything, nothing is secure, and this is further proof.  The NSA has formidable abilities but does not have magical powers and even if they did encryption is math not magic.
 
2013-12-20 03:19:19 AM  
i1.ytimg.com

/oblig
 
Displayed 50 of 74 comments


Oldest | « | 1 | 2 | » | Newest | Show all


View Voting Results: Smartest and Funniest

This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »
On Twitter






In Other Media


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report