Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT

Researchers Find New Fast-Acting Side-Channel Vulnerability

A group of researchers from Georgia Tech have discovered a method for pulling encryption keys from mobile devices without ever touching the phones, themselves.

Researchers at Georgia Tech have found a side-channel attack that delivers the encryption key for a mobile device's RSA implementation. Oh, and it gets the key without physical access to the device. And in a single transaction. The good news is that there are limits.

The team presented their paper, One&Done: A Single-Decryption EM-Based Attack on OpenSSL's Constant-Time Blinded RSA, at the USENIX Security Symposium on Aug. 16. In the paper, they describe a method of "listening" to the electromagnetic signals generated by a processor whenever it is working data. As they listen to signals, they can convert those back into their native bits and capture the encryption key (and, frankly, any other data they wish) the first time it's processed.

"This successfully gets the key in only one encryption or decryption so you don't have to wait a long time," says paper co-author Milos Prvulovic, professor of computer science at Georgia Tech. He explains that the attack, which uses a small antenna placed a few inches from the device, is different from most of the side-channel attacks seeking encryption keys.

"Most require the device to decrypt a specific, specially crafted message. Others look at very small differences in the signal and require a huge amount of data. Ours extracts the key directly from how the algorithm works," he says. To prove the concept, the team performed research on, "… two Android-based mobile phones and an embedded system board, all with ARM processors operating at high (800 MHz to 1.1 GHz) frequencies…" according to the paper.

In the past, the team notes, capturing the very low-power signals generated by the processors would have required advanced, expensive radio receivers. Now, the paper states, receiving the signal is, "…well within the signal capture capabilities of compact commercially available sub-$1,000 software-defined radio (SDR) receivers such as the Ettus B200-mini."

A remedy for the attack was proposed in the paper, and provided to RSA ahead of publication. The researchers were able to capture the encryption key, Prvulovic says, because, "The secret bits are examined by the program one at a time. So we were able to just read out the bits one at a time." In their remediation, the researchers changed the implementation to read bits in parallel, rather than serial, fashion, making successful decryption a far more difficult and compute-intensive process.

Prvulovic says that their modification to the program makes the algorithm resistant to this particular attack, but other side-channel attacks may still be effective. A more potent defense, he says, comes from adhering to basic mobile-device hygiene. "All of these require close proximity, so you don't put your phone down on a table at a coffee shop or airport and do banking," Prvulovic says. "If you're holding the phone in your hand, it's highly likely you're secure. If someone's sufficiently close with a briefcase, then think about what you're doing."

Related content:

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Early bird rate ends August 31. Click for more info

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
A96.uk
100%
0%
A96.uk,
User Rank: Apprentice
8/28/2018 | 3:36:01 AM
Re: the security issues
You should tell people this is RSA in software on phones not hardware protected.

 

Your telling me RSA in hardware has been hacked!

 

Don't think so.....

 

Please do the same hack on SAML11 or 508a/608a protected hardware.

 

Everyone is living in the last millenia, in my books.

 

We don't use software security unless we are IDIOT's
A96.uk
100%
0%
A96.uk,
User Rank: Apprentice
8/28/2018 | 3:33:17 AM
Re: the security issues
I think the story should say the security is implimented in software!

 

Try this attack with U2F or 508a/608a hardware tamper resistant!

 

Lol so funny people still thinking RSA in software is safe.
evana112
0%
100%
evana112,
User Rank: Apprentice
8/20/2018 | 7:36:53 PM
the security issues
here I get some important ideas about the side channel vulnerabilities. this vulnerability can hamper the work. I have visited mcafee support. keep sharing this type of useful ideas. I get some important ideas about the security surveillance also.
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff 9/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16199
PUBLISHED: 2019-09-17
eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process.
CVE-2019-16391
PUBLISHED: 2019-09-17
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
CVE-2019-16392
PUBLISHED: 2019-09-17
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
CVE-2019-16393
PUBLISHED: 2019-09-17
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
CVE-2019-16394
PUBLISHED: 2019-09-17
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.