Posted on 04/20/2015 8:33:09 PM PDT by Star Traveler
https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
meanwhile:
just citing the stuff that's been in the public for years.
https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
November 2007
A seven and a half year old article? Really?!? Come into modern times, sten.
Do you have any evidence that Apple is using Dual_EC_DRBG as a random number generator routine in iDevices? Of course you don't because they aren't. You are obviously doing Google searches for anything to bolster your claims. It isn't working.
Researchers crack the world’s toughest encryption by listening to the tiny sounds made by your computer’s CPU
I've heard about this. . . but it only worked on systems using their own encryption routines (RSA), which they invented.
In this case, the security researchers listen to the high-pitched (10 to 150 KHz) sounds produced by your computer as it decrypts data.Without going into too much detail, the researchers focused on a very specific encryption implementation: The GnuPG (an open/free version of PGP) 1.x implementation of the RSA cryptosystem. With some very clever cryptanalysis, the researchers were able to listen for telltale signs that the CPU was decrypting some data, and then listening to the following stream of sounds to divine the decryption key. The same attack would not work on different cryptosystems or different encryption software — they’d have to start back at the beginning and work out all of the tell-tale sounds from scratch.
The researchers successfully extracted decryption keys (from a computer —Swordmaker) over a distance of four meters (13 feet) with a high-quality parabolic microphone. Perhaps more intriguingly, though, they also managed to pull of this attack with a smartphone placed 30 centimeters (12 inches) away from the target laptop.
You claimed that Apple iGadgets had already been cracked. Where does any of this show that?
This article does not claim that any smartphone was ever cracked, but rather that they USED a smartphone to crack into a target laptop. Frankly, I don't believe that any smartphone is wasteful of energy enough to make sounds while it processes or so slow that any sounds it makes would be discernible from any distance away from the phone at all. The decipher routine occurs in a split second at GigaHertz speeds, while these guys are talking about sounds being generated at 10 to 150 KiloHertz. . . and measuring the process over 3.7 seconds. Not a reasonable time frame for modern processors. In fact, it is several orders of magnitude too slow.
Even applied to a computer, it would have had to have been an old and VERY SLOW processor on the targeted computer for sounds to have been discrete enough to discern the deciphering process. I think anyone under attack would notice someone pointing a 12" parabolic microphone at their laptop computer from twelve inches away, don't you?
These are merely more straws you are grasping at. . . and show you don't know what you are talking about.
This isn't even a good try.
just posting the stuff that’s in the public.
as for the idevices... :)
“Manhattan DA Cyrus Vance Jr. sounded a battle cry Sunday, calling on law-enforcement agencies to battle Apple and Google over software that makes it impossible for authorities to “decrypt” cellphones seized in criminal investigations. “
As soon as I saw Cyrus Vance Jr., I knew that the left would be outraged that the ordinary citizen would be protected from the government.....and of course that makes us all terrorists
That said, I have some real serious problems believing stories about "listening" to CPU data streams from outside the computer chassis.
CPU chips and other silicon components DO NOT make noise, of any sort. Period. They just don't.
What does make noise, related to CPUs, is a switching power supply whose frequency varies with load. My guess is that they were listening to the whine of the switching power supply.
But as you pointed out, the switching frequencies (up to perhaps 150kHz), and even their harmonics, are many orders of magnitude slower (lower frequency) than the bit rates in the CPU chips. So there simply is no way that one could obtain normal-speed CPU bit data from such things as power supply switching noise.
The other noises of the computer -- hard drive motor, spinning disks, fans (including the CPU fan), vibration of cables -- would tend to mask any subtleties like power supply switching, so I dunno if I believe this story in the first place.
Maybe if they slowed the CPU down to a crawl... but then it would take so long to do the encryption and decryption it's pointless.
Wankers, IMO.
And then there's the problem you mention that a big parabolic mike is kinda hard to hide, but that's a detail. :)
Did you see the one where researchers claimed they could use the rise of the heat signature of one computer being sensed by a nearby computer's heat sensors could be surreptitiously used to steal data? Why it could transmit eight bits per hour! What a serious risk to air gap computers which is what they were claiming! Hilariously, for the exploit to work, the target computer had to have a program placed on it to take the data parse it into bits and then raise the computer's heat output for a one, then drop it back to normal, then lower it for a zero, etc. Question is, if one can get the malware program on the target to steal the data, why not just steal the data? Oh, the sensing computer had to be placed not more than six inches from the motherboard of the target computer. LOL!
As I said, Googling, and you don't know what you're talking about. Good luck with that.
The more I think about it, the more I'm inclined to call BS on the entire enterprise. It's not even a drawing-room proof of concept demo. It's just silly.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.