The 2014 Pwnie Winner For Most Innovative Research

RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

Daniel Genkin, Adi Shamir, Eran Tromer

In this fascinating paper, the authors describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG’s current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. They experimentally demonstrated that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.