There are a few things that will catch us unexpected and this might be one of them – noises from your computer can be decoded and used to extract personal information about your password. It’s called acoustic cryptanalysis key extraction, and it can be done with ease using a smartphone placed next to a computer in a cafe.
The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.
This is possible because computers are all made of intricate electronic components that emit unique sounds when performing tasks:
The acoustic signal of interest is generated by vibration of electronic components (capacitors and coils) in the voltage regulation circuit, as it struggles to supply constant voltage to the CPU despite the large fluctuations in power consumption caused by different patterns of CPU operations. The relevant signal is not caused by mechanical components such as the fan or hard disk, nor by the laptop’s internal speaker.
If this sounds a bit like 007, then you’ll be pretty accurate – in addition to recording sounds with their smartphones, the team also used a parabolic speaker special acoustic equipment to record sounds from a computer across the room. The researchers also warned that a malicious app can be placed on a vicitm’s smartphone and then used to record sounds when it is placed next to the target laptop. Those hidden spy microphones are suddenly looking useful.