Attackers could steal crypto keys from mobile devices

Attackers could steal crypto keys from mobile devices

Summary: Security researchers have discovered a way to steal cryptographic keys that are used to encrypt communications and authenticate users on mobile devices.

SHARE:
Security researchers have discovered a way to steal cryptographic keys that are used to encrypt communications and authenticate users on mobile devices by measuring the amount of electricity consumed or the radio frequency emissions.

The attack, known as differential power analysis (DPA), can be used to target an unsuspecting victim either by using special equipment that measures electromagnetic signals emitted by chips inside the device or by attaching a sensor to the device's power supply, Benjamin Jun, vice president of technology at Cryptography Research, said on Tuesday. Cryptography Research licenses technology that helps companies prevent fraud, piracy and counterfeiting.

An oscilloscope can then be used to capture the electrical signals or radio frequency emissions and the data can be analyzed so the spikes and bumps correlate to specific activity around the cryptography, Jun said.

To read more, see "Leaking crypto keys from mobile devices" on CNET News.

Topics: Mobility, Networking, Security, Wi-Fi

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Nothing New Here

    Those of us with even just a little knowledge about crypto and security have long known: physical access to the device is crucial. Keep that secure, and you have enabled all your other security measures. Allow physical access to the wrong people and you enable them instead of yourself.

    This attack really does require physical access to work, as has always been the case with DPA.
    mejohnsn
  • RE: Attackers could steal crypto keys from mobile devices

    I'm starting to think true secure computing is but a pipe dream.
    Bug_M-E-Not
  • RE: Attackers could steal crypto keys from mobile devices

    So, to summarize...
    When using your cellphone/PDA in public to do any transaction requiring cryptography (email, banking, etc.) take a look around the room for someone with an antenna, an oscilloscope, and decryptor, sitting within 3 feet of your position...OK...done...now, WTF did I put my foil hat??? Sheesh....
    <{;-)
    wizard57m-cnet