Recovering encryption keys via acoustic analysis

Posted: September 13th, 2005 | Filed under: Uncategorized | No Comments »

Have just been reading this article about how, given a 15 minute recording of a user typing, it is possible to ‘recover’ details of every word & even letter typed. Each key has a subtly different sound, so given a mapping of sound <-> key it is possible analyse a recording to recover the letters / words typed. By assuming that the text being typed was, say English, it is possible to apply statistical to the 15 minute recording to generate the sound <-> key mappings. Combine the two techniques with a suitably planted microphone and you have a pretty damn good channel for covertly monitoring what someone types. Another good reason to stop using regular passwords & move wholesale to one time keys / secure id generators – as if existing spyware weren’t enough of a reason already.

Even more intriguing though, is the last paragraph where they link to another study suggesting that, since CPUs make different sounds (high frequency, inaudible to humans) depending on what they are computing, that it might be possible to analyse a recording of a decryption operation to recover the encryption keys. Damn, encryption & security breaks down in the most obscure & unimaginable/unexpected ways.