Smartphone can use its microphone to extract RSA decryption key from laptop (schneier.com)
156 points by BrandonMarc on Dec 21, 2013 | 40 comments




A brief glance at this thread and the other discussion showed only 1 substantive comment that told me something I didn't know after a cursory read-through (that I saw, at least). The amount of people who didn't even read the paper is mind-blowing.


Thanks. I'm with the first commenter on the Schneier post - remove your phone's battery (and the corollary: try not to own a phone which you can't confidently remove the battery ... though, is that even possible anymore?)


I submitted it as well with a suffixed URL to force a repost. Your list is proof, if any, that it's really down to chance now even if excellent stuff makes it to the front page anymore.


But it did make the front page... The first time it was submitted.


and 3 other times that I've seen...


I love that Shamir keeps doing work that makes people say "... this can't be true!"

Once again, this is a reminder that any adversary that has physical access to your box can extract all your secrets, and there's almost nothing you can do about it.

For defending against acoustic attacks when encrypting/decrypting/typing in your password, play loud music. I recommend "What does the fox say?" by Ylvis since it has a wide range of powerful frequencies.

(There are other types of physical attacks than acoustic attacks, so this is more tongue in cheek than a real defense mechanism.)


To be clear, it's my understanding that playing music or generating artificial noise won't actually do much to stop this attack. Listening to some good tunes will definitely help distract you from worrying about attackers stealing your private keys, though!


It depends on which attack vector you're defending against.

If you're trying to defend against the cellphone (or chassis microphone) attack vector, then you can definitely defend with human audible noise. Your cellphone is going to have an aggressive low pass filter prior to the ADC to prevent aliasing. This will limit the cellphone range to roughly human audible range. The difficulty is in generating sufficient noise at the frequencies required. As the FAQ on the page points out, the majority of this lies in +10kHz, so using normal music won't be too effective, but artificial noise is certainly possible.

The Q&A on the linked site answers all sorts of relevant questions and is quite enlightening.

The actual paper is maddeningly non-specific about how widespread audible range attacks are. Ultrasonic attacks are likely viable against nearly all unprotected machines; however, the paper only says that 'some' machines are vulnerable to audible spectrum attacks.


Heh. Even loud music? Why not?

Now I really want to repeat Shamir's experiment with Gangnam Style blaring just to see what would happen.


If I understand correctly, it's because the frequency it is listening to is much higher than normal music. Also possibly because the algorithm is meant to deal with noise.


I wonder if you couldn't just find some kind of white noise emitter that randomly generates noise for the frequencies in the same band?


Actually it is because it is all fake, so he can set whatever rules he wants.

If you are listening for sounds higher than "normal music" you can't capture them with a standard mic, let alone the mic on your phone, since it is optimized for vocal range.


What about running 'loud processes' on other processors?


Interesting. Reminds me of the times long ago when pocket calculators were a new thing and I also owned an AM/FM radio and held it close to the calculators to listen to what they were "doing". You would hear a lot more in the radio than the bit of whining and buzzing that you can hear acoustically from computers nowadays.

So, I was wondering, what about the FM radio built into many (if not most) mobile phones? Connected my earbuds (they also function as antenna), turned on the phone loudspeaker, laid the earbud cable over my laptop, tuned the FM radio to some frequency where there is no radio station (thus static playing), and voilà, I can clearly hear correlation between noise and activity. Even when I'm placing my earbuds/phone a foot away from the laptop I can still clearly hear when I'm opening some new window. The sounds are not as 'colorful' as they were on an AM radio when listening to calculators, but I'd wager a guess that it's better than an acoustic attack.

So much for thinking that making acoustic noise like playing music would dwarf the attack vector "mobile phone".

PS: what might prevent this attack is that on some (most?) phones the output of the FM radio can't be captured directly. It could be played through the speaker and recorded through the mic, though. The attack as carried out by Genkin/Shamir/Tromer is sending tons of encrypted emails and would probably arouse suspicion anyway if the computer was attended, thus this indirection may not pose a problem.


Totally true and old common knowledge, check this out: https://en.wikipedia.org/wiki/Tempest_%28codename%29 When chips and devices were slower and used more energy, it was just easier to observe those differences. I also have had many mobile phones which leaked information as audio; I think most of that leak was from RF transmitter unit power consumption and speaker amplifier power not being properly filtered. But it's just a perfect example of acoustic information leak.


Once again Shamir puts out a bombastic paper where they tested against one device in a controlled environment and doesn't release any software or a proof that it works.

If this were real there would be a "submit your recording" or an opensource library for others to try.

The physics of this don't work.

If they did work the experiment should be documented in a way that there could be peer review. If you can't repeat it, it isn't valid.

I lost lots of Karma the last time I mentioned this, but I kind of don't care. These kinds of fake "hacks" are only designed to create fear, and keep people from working on real security issues while creating a reputation based on falsehoods for the author.


Looks like a security patch to GnuPG 1.x has already been released that addresses this and GnuPG 2.x is not vulnerable to this hack according to this article. http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/00033...


How long does the full encryption of, say, a typical email (a kilobyte of plain text or so) take? It shouldn't be that long, in the range of a few milliseconds, or a few dozen samples of a microphone (44,100 Hz max).

What I can't understand is how you can compress a whole RSA decryption key, which is say 4096 bits, into space SMALLER than itself (source data from microphone with 16 bits per sample, mono, at 44,100 Hz, will take 6 ms to accumulate 4096 bits - for sure encryption of a short email will take less!). So it sounds like a hoax.

Obviously the key can't be 'compressed' because it's random data with a high quality of randomness. And you cannot pull it out of a SMALLER amount of data recorded by the microphone in the time it takes to make an encryption. That is, if anything happening within the processor can make acoustic noise loud enough for a microphone to detect, which I really doubt.

I believe this even less than air-powered cars, or cold fusion.


Wonderful analysis of something completely different from the actual article. You make several good and useful points, it's just a shame that they're irrelevant.

  > I believe this even less than air-powered cars ...
Air-powered vehicles are quite common.

http://www.fastcoexist.com/1681429/this-air-powered-car-gets...

http://auto.howstuffworks.com/fuel-efficiency/vehicles/air-c...

http://www.dailymail.co.uk/news/article-2266632/Car-runs-air...

http://en.wikipedia.org/wiki/Compressed_air_car

http://www.popularmechanics.com/cars/news/preview-concept/42...


Read the paper. They're using a known input ciphertext to help aid this recovery and get around the limitations you've noted. Recovery also takes an hour, byte by byte with different decryptions.


Wow, I don't want to steer this discussion into the "ye olde golden HN days" territory, but this is the lowest of the low I have read on HN recently.

Really? You dismiss a scientific claim because you, YOU cannot understand it? There's a scientific paper written by a security researcher (who by the way co-invented RSA) that goes into great detail explaining what's going on. There's data to analyse. People can try to replicate the results. Do you have anything to say about the paper?

There have been a few threads about this already. What I have learned from those, and from other threads where a paper is discussed, is that practically nobody who comments has read the paper.


This could have been prevented. Oblivious Turing Machines: http://stackoverflow.com/questions/14847080/how-does-an-obli...


One has to wonder whether a proper soundproof case, like the Fractal Design ones that are lined with foam inside, can thwart the attack.


I just don't believe this is reproducible... seems fake.


One of the authors of this paper is Adi Shamir.

One of the guys who wrote the RSA algorithm in 1977.

RSA -> Ron Rivest, Adi Shamir and Leonard Adleman

This is legit.


"This will be reproducible because the author is famous".

(Appeal to authority fallacy?)


The logic here is that the author's credibility would be ruined if this turned out to be a lie. What reason would he have for taking that risk?


This is one of HN's more embarrassing traits. Too smart for the Kardashians, but they'll get on their knees before Shamir, Snowden and Schneier.

He's been wrong before. Recently, like last week, he was wrong about Satoshi. Don't appeal to authority.


No, that was not the claim. My understanding of your parent's post is that he claimed that the research was real scientific research (which may be wrong), not a hoax, without expressing any opinion about the validity of the claims.

If $RANDOMDUDE says something is bullshit without having looked at the research and $PROVENEXPERT after a lot of research says it is not, it doesn't mean the expert is right. The facts should stand on their own, regardless of who made them. However, it means $RANDOMDUDE's opinion is completely uninformed and the research is worth looking into.


Appealing to authority is only a fallacy if the authority isn't actually an authority / is considered infallible. This doesn't seem to be the case here.


It is?

I thought the fallacy was using an unrelated property as evidence to support the truth of a factual statement (the author's previous work, shoe size, favourite music, etc).


No, that definition is incorrect.


If you can't bother to understand the work then heuristics are your best bet. In this case, the authors are leading academics from good computer science departments. This makes the probability of the paper being an outright hoax very low. They would be risking their careers and the respect of their peers - and for what exactly? Shamir in particular is already at the top of the game (full professor + Turing Award + many millions of dollars from royalties).

Now, mistakes CAN happen. But in this case, it would be very hard to make one. If they built a system that reconstructs the cryptographic key then you could compare the keys on both sides.


Indeed, but his track record isn't absolutely perfect if you remember his misguided analysis of the Bitcoin blockchain, a paper which was subsequently withdrawn[1].

1. https://news.ycombinator.com/item?id=6804440


Read the paper. The mechanisms are explained in detail and they present data and examples.


[deleted]


I was as skeptical as you are. But then I read the original article. The attackers here specify the ciphertext, and they craft a specific one for every bit they want to extract from the private key.

The ability to craft a ciphertext of ~1 second per bit makes it plausible they are able to force the difference between a 0 and a 1 to be large enough to be heard. Still surprising, but plausible.


[deleted]


It's pretty far out, but Adi Shamir is one of the world's foremost experts in cryptography. The paper is pretty thorough, including details of the lab setup and tests which were conducted. There's even a patch for GnuPG.

In short, I'm not really clear what else you'd expect to see.


You're just making a fool of yourself. This work is absurd, ridiculous and legit at the same time.


Read the paper.



