SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   GnuPG (Gnu Privacy Guard) Vendors:   Gnupg.org
GnuPG Acoustic Side-Channel Attack Lets Local Users Recover RSA Secret Keys
SecurityTracker Alert ID:  1029513
SecurityTracker URL:  http://securitytracker.com/id/1029513
CVE Reference:   CVE-2013-4576   (Links to External Site)
Date:  Dec 18 2013
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.4.16
Description:   A vulnerability was reported in GnuPG. A local user can obtain RSA secret keys.

A physically local user (or a user with a physically local microphone) can monitor the vibration of electronic components in the voltage regulation circuit of the target system while the GnuPG application decrypts known ciphertext to determine the private RSA key via acoustic cryptanalysis.

A 4096-bit RSA key used on a laptop can be determined within an hour.

The original advisory is available at:

http://www.cs.tau.ac.il/~tromer/papers/acoustic-20131218.pdf

Daniel Genkin, Adi Shamir, and Eran Tromer reported this vulnerability.

Impact:   A local user can obtain RSA secret keys.
Solution:   The vendor has issued a fix (1.4.16).

The vendor's advisory is available at:

http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000337.html

Vendor URL:  gnupg.org/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 8 2014 (Red Hat Issues Fix) GnuPG Acoustic Side-Channel Attack Lets Local Users Recover RSA Secret Keys
Red Hat has issued a fix for Red Hat Enterprise Linux 5.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC