If you have a PokerStars account, the pretty well-stocked Skrill (or simply if you are more cautious than others), it is likely that you have enabled security in 2 stages of your account using a RSA key (for reference, RSA is an acronym formed from the names of its founders: Ronald Rivest, Adi Shamir and Leonard Adleman).
This security in 2 steps (password + RSA encryption) is known to be hyper-safe, if not impossible to hack (of least, so far).
Today, we learn that a group of researchers has just arrived, thanks to an acoustic cryptanalysis method to break a computer located nearby, RSA key using a single microphone.
The team, composed of Daniel Genkin, Adi Shamir and Eran Trömer, arrived to break the key by listening to the sounds that the computer had with a method called "acoustic cryptanalysis". You should know that the majority of computers emits high-pitched sounds and that these sounds can be picked up with the right tools. For this reason, it is possible to be victim of a hacking without no one touch to your computer.
The research team came to extract encryption keys 4096-bit RSA on a laptop in just one hour with the sounds emitted by the latter during a decryption process.
To do this, the microphone should be located just a few metres from the target computer. Listening to specific sounds from the computer, it is possible to determine which specific component of the computer works.
To determine the precise characteristics of RSA encryption keys, it needed a GnuPG data software. The GnuPG program uses the RSA algorithm for its cryptographic operations that is sensitive to attacks by measuring time. Electronic components vibrate during processor operations. A microphone can therefore listen to these vibrations, in order to determine the duration of the operation of the RSA.
Listening to specific sounds in this way, we can decrypt an RSA key of 4096 bits in about 1 hour.
Obviously, there absolutely nothing to worry about at the moment, the experiment being carried out in conditions perfect for the success of the decryption. One of the positives from the experience is that with this knowledge, it may be possible to "correct" the "flaws" that allowed to decrypt the key.
In this regard, on Wikipedia you could read: "RSA keys are usually between 1024 and 2048 bits length. Some experts believe is possible that 1024-bit keys will be broken in the near future (although this is controversial), but few see a way to break this way of the 4,096-bit keys in the foreseeable future."
For those who use an RSA key so as 2nd stage of security to their account, you can continue to sleep on your two ears.
Discuss this news on PokerCollectif forums: RSA keys broken with acoustic cryptanalysis