14 DAY TRIAL // Five researchers from universities in Tel Aviv and Adelaide have devised a new crypto side-channel attack that can extract encryption keys from electromagnetic emanations coming out of Android and iOS devices that are running cryptographic operations.
Side-channel attack is the name given to a series of operations that record and analyze data given out by devices running cryptographic operations, data that allows a third-party to extract small tidbits of information that can be helpful in reconstructing the encryption key.
There are many types of side-channel attacks known today, and most of them are either accurate but very costly, or easy to carry out but with unreliable results.
Attack works against OpenSSL, Apple Pay, and Bitcoin crypto operations
This most recent attack, described in the ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels research paper is part of the first category.
First of all, it's efficient because if enough data is collected, the attack can accurately reconstruct the original encryption key. The attack is carried out against the Elliptic Curve Digital Signature Algorithm (ECDSA), used by many Bitcoin wallets, Apple Pay, and even OpenSSL.
Researchers have successfully tested their attack by extracting encryption keys from devices running cryptographic operations for applications such as CoreBitcoin, Bitcoin Core, OpenSSL, and iOS apps implementing the iOS CommonCrypto library.
The attacker only needs to place a $2 magnetic probe in a phone's proximity so he could record radiation emanated from the device. This radiation is then converted into an electric current and sent via a USB cable to a nearby computer running signal processing software.
Because of the way the ECDSA algorithm works with data, CPUs will emit electromagnetic waves in a certain pattern for DOUBLE (x2) and ADD operations. By being able to recognize these two operations, the scientists would then be able to reconstruct how the algorithm works by guessing the other mathematical computations.
The attack is efficient but impractical
By knowing the outputted data (encrypted traffic), the algorithm's inner working ( via recorded operation logs), and the two hints (the position of DOUBLE and ADD operations), researchers are then able to reconstruct the encryption key.
This is where the method's downside comes in. To be able to carry out this attack, researchers need a lot of encryption operations logged to determine the initial encryption key. Additionally, for some devices more complex laboratory equipment is needed.
Unless someone decides to stand still and make a few thousand Apple payments inside a room surrounded by all kinds of laboratory equipment, then most users would be safe from these types of attacks.
