How a Hacker Can Break Into Your Laptop With Just an iPhone
That gentle hum of your laptop could be leaking your most sensitive documents.
That’s according to three of Israel’s most respected cryptologists, who published a report this week outlining how they were able to extract data from a running laptop just by listening to the sounds it makes.
Which only goes to show: No matter what you do–and no matter how serious your encryption–there will always be a way for a hacker to pilfer your data. Whether they do it over WiFi or bluetooth—and now via sound—your precious information is never truly safe.
“Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components,” write Adi Shamir, Eran Tromer and Daniel Genkin in their report, RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis. “These acoustic emanations are more than a nuisance: They can convey information about the software running on the computer, and in particular leak sensitive information about security-related computations.”
The three researchers tested the theory on a laptop with a 4096-bit RSA encryption—which, in layman’s terms, is an incredibly tough code to crack. When the key to decrypt the code is entered into the computer, the computer runs a series of protocols to unlock the encrypted data, and the CPU makes a noise. The researchers then placed a mobile phone 30 centimeters from the target laptop, and pointed the phone’s internal microphone towards the laptop’s fan vents.
By parsing the sounds, the researchers proved a hacker could theoretically re-architect the encryption key, and later hack into the computer.
They call it “acoustic cryptanalysis.” The researchers list a number of hypothetical attacks, the most frightening being the “acoustic attack app.” Here’s how it would work:
The whole attack could be packaged into a software “app” requiring no special hardware or knowledge. An attacker would install this software, reach physical proximity to the target computer under some pretext, and place the phone appropriately for the duration of the attack. For example, in a meeting, the attacker could innocuously place his phone on the desk next to the target laptop…and obtain the key by the meeting’s end. Similar observations apply to other mobile devices with built-in microphones, such as tablets and laptops.
Of course, there have yet to be any documented cases of a so-called “acoustic app,” and the the truth is, you really shouldn’t be worrying too much about it. Adi Shamir is basically Israel’s smartest cryptologist—and he’s only barely scratched the surface of how to actually pull off a hack like this. So unless you’re carrying around nuclear codes in your laptop, there’s not much to worry about. For now, your alternative sci-fi novel is safe and sound.