Dan HonWe considered ourselves to be a powerful culture capable of creating secure devices
This place is not a place of cryptographic security
No keys are secure here
The method of compromise here was honestly absolutely batshit
This disclosure is a warning about holy fuck did you see what they did
The danger is in a particular location by the power LED
… it increases towards the center of the CPU
… the center of the danger is in the cryptographic libraries
ArneBab@danhon very cool find!
Reminds me of RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis: https://web.archive.org/web/20230519161405/http://www.cs.tau.ac.il/~tromer/acoustic/
(fixed in GnuPG — that’s one of the reasons to avoid building custom crypto libraries: did you think of ensuring key-independent sound patterns and power consumption?)