Out With The Old, In With The Old
In cryptography, a side channel attack is any attack that gathers information from the physical implementation of a cryptosystem, rather than from cryptanalysis, which looks for weaknesses in the algorithm itself and exploits them to break into systems.
Side channel attacks are a common technique for breaking into air-gapped computers, but recent work by researchers shows that they can also be used to steal encryption keys from Android smartphones and iOS devices.
The discovery was made by researchers from Tel Aviv and Adelaide, who captured the electromagnetic radiation emitted by Android and iOS devices to extract their encryption keys. Other than electromagnetic leaks, timing information, power consumption and sound waves can also be exploited by a side channel attack.
The five researchers behind this work used similar techniques to reach their conclusion. Their methodology is described in the research paper titled ‘ECDSA Key Extraction from Mobile Devices via Non-Intrusive Physical Side Channels’.
The researchers carried out the attack against ECDSA, the Elliptic Curve Digital Signature Algorithm, which is commonly used by Bitcoin wallets and Apple Pay. They successfully tested the attack by extracting keys from devices running cryptographic software such as Bitcoin Core, OpenSSL, and other iOS apps.
But There’s More!
A hacker who wants to replicate such a side channel attack can do so easily by placing a $2 magnetic probe close to the phone so that it picks up the radiation from the targeted device. The captured radiation is converted into an electrical signal and carried over a USB port to a computer running signal-processing software.
CPUs emit electromagnetic radiation in a recognisable pattern for DOUBLE (x2) and ADD operations. Once these waves are collected and analysed, the researchers can reconstruct the workings of the algorithm through mathematical deduction.
In addition, by knowing other parameters like “the outputted data (encrypted traffic), the algorithm’s inner working (via recorded operation logs), and the two hints (the position of DOUBLE and ADD operations)”, the researchers are finally in a position to reconstruct the encryption key.
However, the expertise required to carry out such a hack is considerable, and most hackers are unable to handle its complexity. Hence, this method may appear to be quite impractical.
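To make the leak concrete, the toy code below is an added example, not taken from the paper or this article: it runs a naive double-and-add scalar multiplication on a small constructed curve, shows how the observed DOUBLE/ADD sequence spells out the secret scalar bit by bit, and contrasts it with a Montgomery ladder whose operation sequence is identical for every scalar of the same length, which is the standard mitigation. The curve parameters, base point G and function names are all constructed for the demonstration.

```python
# Added toy model (not the paper's code): DOUBLE/ADD traces of two scalar multiplications.
P, A = 97, 2            # constructed tiny curve y^2 = x^3 + 2x + 3 over F_97
G = (3, 6)              # constructed base point: 6^2 = 3^3 + 2*3 + 3 (mod 97)

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p1 == -p2
    if p1 == p2:                         # DOUBLE: tangent slope
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:                                # ADD: chord slope
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def naive_scalar_mult(k, g, trace):
    """Double-and-add: ADD runs only for 1 bits, so the op sequence spells out k."""
    r = None
    for bit in bin(k)[2:]:
        r = ec_add(r, r); trace.append("D")
        if bit == "1":
            r = ec_add(r, g); trace.append("A")
    return r

def ladder_scalar_mult(k, g, trace):
    """Montgomery ladder: one ADD and one DOUBLE per bit, so the trace is scalar-independent."""
    r0, r1 = None, g                     # invariant: r1 == r0 + g
    for bit in bin(k)[2:]:
        if bit == "0":                   # real code replaces this branch with a constant-time swap
            r1 = ec_add(r0, r1); trace.append("A")
            r0 = ec_add(r0, r0); trace.append("D")
        else:
            r0 = ec_add(r0, r1); trace.append("A")
            r1 = ec_add(r1, r1); trace.append("D")
    return r0

def recover_scalar(trace):
    """Observer's view of a naive trace: each D opens a 0 bit; an A right after flips it to 1."""
    bits = []
    for op in trace:
        if op == "D":
            bits.append("0")
        else:
            bits[-1] = "1"
    return int("".join(bits), 2)
```

Running `naive_scalar_mult(0b1011, G, t)` leaves `t` as `DADDADA`, from which `recover_scalar` returns 11, while the ladder trace for any 4-bit scalar is always `ADADADAD`.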