[This is an incredibly subtle attack, and I’m shocked that it works. But, you know, it’s Adi Shamir, so that’s about as hi-crypto-cred as you can get….-egg]

In RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis [PDF], a paper by Daniel Genkin and Eran Tromer of Tel Aviv University and Adi Shamir, the authors show that a sensitive microphone (such as the one in a compromised mobile phone) can be used to infer a secret cryptographic key being used by a nearby computer. The computer’s processor emits different quiet sounds (“coil whine…caused by voltage regulation circuits”) as it performs cryptographic operations, and these sounds, properly analyzed, can reveal the key.

It’s a pretty stunning attack, the sort of thing that sounds like science fiction. But the researchers are unimpeachable (Shamir is the “S” in RSA), and their paper is very clear.

via Deriving cryptographic keys by listening to CPUs’ “coil whine” – Boing Boing.