
Attackers could steal crypto keys from mobile devices

Elinor Mills CNET News | October 21, 2009 4:51 AM PDT

Summary

Security researchers have discovered a way to steal cryptographic keys that are used to encrypt communications and authenticate users on mobile devices by measuring the amount of electricity consumed or the radio frequency emissions.

The attack, known as differential power analysis (DPA), can be used to target an unsuspecting victim either by using special equipment that measures electromagnetic signals emitted by chips inside the device or by attaching a sensor to the device's power supply, Benjamin Jun, vice president of technology at Cryptography Research, said on Tuesday. Cryptography Research licenses technology that helps companies prevent fraud, piracy and counterfeiting.

An oscilloscope can then be used to capture the electrical signals or radio frequency emissions and the data can be analyzed so the spikes and bumps correlate to specific activity around the cryptography, Jun said.

To read more, see "Leaking crypto keys from mobile devices" on CNET News.
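The correlation Jun describes can be seen from the defender's side as a leakage assessment. The following is an added example, not code from the article or from Cryptography Research: it simulates power samples and runs a fixed-versus-random Welch t-test over them, once for an unprotected value and once for a randomly masked one. The Hamming-weight leakage model, the key byte, the noise level and the use of masking (a standard countermeasure the article does not discuss) are all assumptions made for illustration.

```python
import random
import statistics

T_THRESHOLD = 4.5  # conventional pass/fail bound used in fixed-vs-random leakage tests


def hw(x):
    """Hamming weight: number of set bits in a byte."""
    return bin(x).count("1")


def power_sample(pt, key, rng, masked):
    """One constructed power sample: Hamming weight of the handled byte plus noise."""
    v = pt ^ key                    # key-dependent intermediate value
    if masked:
        v ^= rng.randrange(256)     # fresh random mask per operation hides v
    return hw(v) + rng.gauss(0, 1.0)


def welch_t(a, b):
    """Welch's t statistic for two sample sets with unequal variances."""
    ma, mb = statistics.fmean(a), statistics.fmean(b)
    va, vb = statistics.variance(a), statistics.variance(b)
    return (ma - mb) / ((va / len(a) + vb / len(b)) ** 0.5)


def leakage_t(masked, n=5000, key=0x3C, fixed_pt=0xC3, seed=7):
    """|t| between samples for one fixed input and samples for random inputs.

    key and fixed_pt are made-up values; fixed_pt ^ key = 0xFF, so the fixed
    set handles a byte of weight 8 while random inputs average weight 4.
    """
    rng = random.Random(seed)
    fixed = [power_sample(fixed_pt, key, rng, masked) for _ in range(n)]
    rand = [power_sample(rng.randrange(256), key, rng, masked) for _ in range(n)]
    return abs(welch_t(fixed, rand))


def leaks(masked):
    """True when the simulated device fails the leakage test."""
    return leakage_t(masked) > T_THRESHOLD


if __name__ == "__main__":
    for masked in (False, True):
        label = "masked" if masked else "unprotected"
        print(f"{label:12s} |t| = {leakage_t(masked):7.2f}  leaks = {leaks(masked)}")
```

A |t| far above the threshold means the samples depend on the data being processed, which is the dependency a DPA measurement relies on; the masked run stays below it because each sample reflects a freshly randomized value.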

3 Comments


RE: Attackers could steal crypto keys from mobile devices
wizard57m@... 21st Oct 2009
So, to summarize...
When using your cellphone/PDA in public to do any transaction requiring cryptography (email, banking, etc.) take a look around the room for someone with an antenna, an oscilloscope, and decryptor, sitting within 3 feet of your position...OK...done...now, WTF did I put my foil hat??? Sheesh....
{;-)
0 Votes
Nothing New Here
mejohnsn 21st Oct 2009
Those of us with even just a little knowledge about crypto and security have long known: physical access to the device is crucial. Keep that secure, and you have enabled all your other security measures. Allow physical access to the wrong people and you enable them instead of yourself.

This attack really does require physical access to work, as has always been the case with DPA.
I'm starting to think true secure computing is but a pipe dream.
0 Votes