IoT

Researchers Find New Fast-Acting Side-Channel Vulnerability

A group of researchers from Georgia Tech have discovered a method for pulling encryption keys from mobile devices without ever touching the phones, themselves.

Researchers at Georgia Tech have found a side-channel attack that delivers the encryption key for a mobile device's RSA implementation. Oh, and it gets the key without physical access to the device. And in a single transaction. The good news is that there are limits.

The team presented their paper, One&Done: A Single-Decryption EM-Based Attack on OpenSSL's Constant-Time Blinded RSA, at the USENIX Security Symposium on Aug. 16. In the paper, they describe a method of "listening" to the electromagnetic signals generated by a processor whenever it is working data. As they listen to signals, they can convert those back into their native bits and capture the encryption key (and, frankly, any other data they wish) the first time it's processed.

"This successfully gets the key in only one encryption or decryption so you don't have to wait a long time," says paper co-author Milos Prvulovic, professor of computer science at Georgia Tech. He explains that the attack, which uses a small antenna placed a few inches from the device, is different from most of the side-channel attacks seeking encryption keys.

"Most require the device to decrypt a specific, specially crafted message. Others look at very small differences in the signal and require a huge amount of data. Ours extracts the key directly from how the algorithm works," he says. To prove the concept, the team performed research on, "… two Android-based mobile phones and an embedded system board, all with ARM processors operating at high (800 MHz to 1.1 GHz) frequencies…" according to the paper.

In the past, the team notes, capturing the very low-power signals generated by the processors would have required advanced, expensive radio receivers. Now, the paper states, receiving the signal is, "…well within the signal capture capabilities of compact commercially available sub-$1,000 software-defined radio (SDR) receivers such as the Ettus B200-mini."

A remedy for the attack was proposed in the paper, and provided to RSA ahead of publication. The researchers were able to capture the encryption key, Prvulovic says, because, "The secret bits are examined by the program one at a time. So we were able to just read out the bits one at a time." In their remediation, the researchers changed the implementation to read bits in parallel, rather than serial, fashion, making successful decryption a far more difficult and compute-intensive process.

Prvulovic says that their modification to the program makes the algorithm resistant to this particular attack, but other side-channel attacks may still be effective. A more potent defense, he says, comes from adhering to basic mobile-device hygiene. "All of these require close proximity, so you don't put your phone down on a table at a coffee shop or airport and do banking," Prvulovic says. "If you're holding the phone in your hand, it's highly likely you're secure. If someone's sufficiently close with a briefcase, then think about what you're doing."

Related content:

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Early bird rate ends August 31. Click for more info

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
A96.uk
100%
0%
A96.uk,
User Rank: Apprentice
8/28/2018 | 3:36:01 AM
Re: the security issues
You should tell people this is RSA in software on phones not hardware protected.

 

Your telling me RSA in hardware has been hacked!

 

Don't think so.....

 

Please do the same hack on SAML11 or 508a/608a protected hardware.

 

Everyone is living in the last millenia, in my books.

 

We don't use software security unless we are IDIOT's
A96.uk
100%
0%
A96.uk,
User Rank: Apprentice
8/28/2018 | 3:33:17 AM
Re: the security issues
I think the story should say the security is implimented in software!

 

Try this attack with U2F or 508a/608a hardware tamper resistant!

 

Lol so funny people still thinking RSA in software is safe.
evana112
0%
100%
evana112,
User Rank: Apprentice
8/20/2018 | 7:36:53 PM
the security issues
here I get some important ideas about the side channel vulnerabilities. this vulnerability can hamper the work. I have visited mcafee support. keep sharing this type of useful ideas. I get some important ideas about the security surveillance also.
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-9962
PUBLISHED: 2019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy.
CVE-2019-9963
PUBLISHED: 2019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap.
CVE-2019-9964
PUBLISHED: 2019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey.
CVE-2019-9965
PUBLISHED: 2019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap.
CVE-2019-9966
PUBLISHED: 2019-03-24
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c.