Can extremetech please be added to the list of websites blocked by default on HN.<p>There is never any original content from that site, it's always rehashed crap, littered with buzzwords and reeking of the dead corpse of journalistic integrity.
Research paper is here: <a href="http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf" rel="nofollow">http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf</a><p>Edited to add: This is one hell of a hack.
Meh, sensationalist title.<p>Already commented on the first submission: <a href="https://news.ycombinator.com/item?id=6933678" rel="nofollow">https://news.ycombinator.com/item?id=6933678</a>
Previous discussion on HN (270 points | 89 comments)<p>(Notably about why playing music does not mitigate the threat.)<p><a href="https://news.ycombinator.com/item?id=6927905" rel="nofollow">https://news.ycombinator.com/item?id=6927905</a>
There is a patch for that in GnuPG, available in both Debian and Ubuntu. Update your machines :)<p>FLOSS is amazing. One day since research paper and your machines are already patched. This means that probably no one had enough time to actually use this attack vector in the wild.
This is possible because of the electromagnetic signature generated by the processor's clock circuit while it is decrypting the data. The microphone is listening to the EM signal generated by the clock and timing the samples to reconstruct what the processor was doing. This type of attack is very difficult to carry out against a completely asynchronous or self-timed circuit that doesn't generate timed samples due to the lack of any central clock.
<p><pre><code> >or you need to use a “sufficiently strong wide-band noise
>source.” Something like a swooping, large-orchestra
>classical concerto would probably do it.
</code></pre>
Unless you're standing next to a live orchestra that's playing the concerto on specially designed dog-whistles, you're going to have a pretty hard time masking anything near the 150 kHz range.