Vigil@nce - GnuPG: key detection by radio listening
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, who is located near a computer performing Elgamal
operations with GnuPG on chosen messages, can listen radio signals
from this computer, in order to guess a decryption key.
Impacted products: GnuPG
Severity: 1/4
Creation date: 02/03/2015
DESCRIPTION OF THE VULNERABILITY
The GnuPG product implements the modular exponentiation used by
RSA and Elgamal algorithms.
During a decryption operation, the computer emits a radio signal
at approximately 1.7 MHz, which can be received in a 50 cm range
by an AM radio.
If the attacker can send to GnuPG data which are decrypted by
Elgamal, then he can observe via radio the intermediate
multiplications, and deduce the decryption key.
An attacker, who is located near a computer performing Elgamal
operations with GnuPG on chosen messages, can therefore listen
radio signals from this computer, in order to guess a decryption
key.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/GnuPG-key-detection-by-radio-listening-16284