University of Michigan researchers said the RSA algorithm is used in media players, laptop computers, smartphones, servers and other electronic devices. It's also used to ensure the safety of customers' online information.
The researchers, co-led by Associate Professor Valeria Bertacco, said they found they could foil the security system by varying the voltage supply to the holder of the "private key.
"The RSA algorithm gives security under the assumption that as long as the private key is private, you can't break in unless you guess it. We've shown that that's not true," said Bertacco, explaining the private keys contain more than 1,000 digits of binary code. To guess a number that large would take longer than the age of the universe, the scientist said.
Using their voltage tweaking scheme, the researchers were able to extract the private key in approximately 100 hours.
"RSA authentication is so popular because it was thought to be so secure," said Professor Todd Austin, who co-led the study. "Our work redefines the level of security it offers. It lowers the safety assurance by a significant amount."
Doctoral student Andrea Pellegrini is to present the research in Dresden, Germany, Wednesday during the Design, Automation and Test in Europe conference.