Researchers demonstrate RSA key security breach

By Brad Jones Published October 28, 2015

personal voter information exposed upguard discovers smtp server — Image used with permission by copyright holder

Right now, there are two major groups of people working on new hacking techniques — the hackers themselves, and the researchers who are tasked with slowing them down. Today, the Worcester Polytechnic Institute has shared findings from a team that’s been studying RSA encryption keys, a security measure used by thousands of businesses worldwide.

The team set about seeing exactly what hackers are capable of by creating a virtual machine on the same server as the target system. From the way that this target accessed its memory, the team could figure out when it was using an RSA key. Based on that timing, they could then determine the numerical value of the key itself.

Recommended Videos

The problem outlined by this work has already been solved by a patch from Libgcrypt, according to reporting from Phys.org. However, it remains to be seen how useful this solution will be, as the user has to install it rather than the service provider.

The paper published by Worcester Polytechnic Institute largely focuses on the challenges faced by cloud computing operations, with Amazon Web Services being one example of a potential target. The virtual machines used by these companies were once though to be impossible to attack, but more recent research has proven otherwise.

However, the report does praise Amazon for its efforts to make things more difficult for hackers. Thomas Eisenbarth, who led the research alongside Berk Sunar, notes that “crypto keys are safe if users follow security best practices and stick to well-maintained and fully patched crypto libraries.”

Organizations far more malicious than the Worcester Polytechnic Institute are almost certainly looking into these methods as well, so it’s encouraging to see work being done to cut them off at the pass. Cloud computing offers up some serious security challenges, so this sort of research is imperative to keeping them safe.

Topics

Former Digital Trends Contributor

Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…

Computing

Bing Chat just beat a security check to stop hackers and spammers

A depiction of a hacker breaking into a system via the use of code.

Bing Chat is no stranger to controversy -- in fact, sometimes it feels like there’s a never-ending stream of scandals surrounding it and tools like ChatGPT -- and now the artificial intelligence (AI) chatbot has found itself in hot water over its ability to defeat a common cybersecurity measure.

According to Denis Shiryaev, the CEO of AI startup Neural.love, chatbots like Bing Chat and ChatGPT can potentially be used to bypass a CAPTCHA code if you just ask them the right set of questions. If this turns out to be a widespread issue, it could have worrying implications for everyone’s online security.

Computing

This massive exploit lets hackers breach apps like Chrome, 1Password, and Telegram

A dark mystery hand typing on a laptop computer at night.

A massive security bug has just been discovered that affects WebP images used in untold numbers of websites and apps, and it could potentially let hackers break into your computer and extract data from it. In fact, Google has already seen it being actively exploited in the wild. Because of that, it’s essential that you patch your computer as soon as possible.

The discovery has been detailed by researcher Alex Ivanovs, who wrote about the bug in a blog post. Right now, it seems to affect almost all of the best web browsers, including Chrome, Firefox, Edge, and Brave. WebP images are used all over the web, meaning huge numbers of sites and apps could be affected.

Computing

Chrome is making a key change to protect you from phishing

Google Chrome with pinned tabs on a MacBook on a table.

Phishing campaigns -- where a fraudulent website or email is made to look like it comes from a legitimate source -- have caused a huge amount of destruction, leading to untold numbers of virus infections and money lost through scams. Google has just rolled out a powerful way to fight phishing in its Chrome browser, however, and it could help you avoid falling victim.

As part of Chrome’s 15th-anniversary update, Google will be pushing its Enhanced Safe Browsing feature to all users in the coming weeks. This checks website URLs against a list of malicious sites stored on Google’s cloud servers, all in real time. If a match is found, the website is blocked and a warning is displayed to users.