If you missed the OpenSSL update released in May, go back and get it: a Georgia Tech team recovered a 2048-bit RSA key from OpenSSL using smartphone processor radio emissions, in a single pass.
The good news is that their attack was on OpenSSL 1.1.0g, which was released last November, and the library has been updated since then. Dubbed “One&Done”, the attack was carried out by Georgia tech's Monjur Alam, Haider Adnan Khan, Moumita Dey, Nishith Sinha, Robert Callan, Alenka Zajic, and Milos Prvulovic.
The researchers only needed a simple and relatively low cost Ettus USRP B200 mini receiver (costing less than $1,000/€900/£800) to capture the revealing radio noise from a Samsung Galaxy phone, an Alcatel Ideal phone, and a A13-OLinuXino single-board computer.
In Georgia Tech's announcement, the group explained that its attack is the first to crack OpenSSL without exploiting cache timing or organisation.
[...] The good news is that not only was mitigation relatively simple, it improved OpenSSL's performance. “Our mitigation relies on obtaining all the bits that belong to one window at once, rather than extracting the bits one at a time,” the paper stated. “For the attacker, this means that there are now billions of possibilities for the value to be extracted from the signal, while the number of signal samples available for this recovery is similar to what was originally used for making a binary (single-bit) decision”.
“This mitigation results in a slight improvement in execution time of the exponentiation,” the paper continued.
Here's the link to the group's upcoming Usenix talk.
(Score: 0) by Anonymous Coward on Wednesday August 15 2018, @05:18PM (2 children)
Alright, let me run out and build the latest openssl source... oh wait, the vulnerability is on my phone? can't update that! (besides, its probably stuck on a version from years ago still, were those vulnerable?)
(Score: 2, Touché) by Anonymous Coward on Wednesday August 15 2018, @05:21PM
You are funding that which you don't like.
Live your principles, man. Go without, or help crowd-fund some overly expensive device that supports your desired Freedom.
(Score: 2) by driverless on Thursday August 16 2018, @01:05AM
It's not just an OpenSSL vuln, they're just the biggest target and make for good news stories. This is an EMI side-channel attack, if you want to mitigate those you need hardware-level defences, you're never going to be able to deal with it purely in software. Even then, hardware vendors have been trying to deal with these types of attacks for decades, with mixed success. The best defence is still, if someone walks up to you and points a pile of high-tech electronic equipment at the device you're using for crypto, or attaches probes to it, or whatever, then you might want to be suspicious that they're up to something.
(Score: 1, Insightful) by Anonymous Coward on Thursday August 16 2018, @06:42AM
So we get three comments on this? What the Frog is going on? There really is not reason to even check in to SoylentNews any more! If only there were something like an aristarchus submission, one with hundreds of comments, some issue that informed and tittilated, provoked and educated! Instead all we get are bot submissions, or the same, takyon ones. Well, it is just a matter of time. What are the stats, TMB?
Daily visits falling? Comments dwindling? Site collapsing? This is what happens when you do not #Freearistarchus!!!!
(Score: 0) by Anonymous Coward on Thursday August 16 2018, @08:28PM
According to the OpenSSL release pages, 1.1.0h was release on March 27, 2018. Two months before the fix described in this article was submitted to git and subsequently merged. I don't see a May release of OpenSSL anywhere for the 1.1.0 branch. Thus, unless something is confusingly messed up, the fix is to install the 1.1.0i release that came out on August 14 (this week).
Right?
https://www.openssl.org/source/old/1.1.0/ [openssl.org]
(Score: 0) by Anonymous Coward on Thursday August 16 2018, @10:18PM
Does anyone know the correct pronunciation of one of the teams name (just making sure have got the spelling correct) "Robert Callan"?