Tuesday, December 31, 2013

Leaked documents detail 2008 NSA program to hack and remote control iPhones (video)


Thursday, December 19, 2013

RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis



eavesdrop on computer
Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer and, in particular, leak sensitive information about security-related computations. In a preliminary presentation, we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was the very low bandwidth of the acoustic side channel (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.

Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.

Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables.

Thursday, December 12, 2013

Google Brings AmigaOS to Chrome Via Native Client Emulation


Google Brings AmigaOS to Chrome Via Native Client Emulation

from the time-machine-always-comes-last dept.
First time accepted submitter LibbyMC writesGoogle's approach to bringing older C software to the browser is demonstrated in bringing the '80s-era AmigaOS to Chrome. 'The Native Client technology runs software written to run on a particular processor at close to the speeds that native software runs. The approach gives software more direct access to a computer's hardware , but it also adds security restrictions to prevent people from downloading malware from the Web that would take advantage of that power.'Chrome users can go straight to the demo.

Looks Like Nobody Is Winning This Console War | TIME.com