madison
Home / News & Blogs

Attackers could steal crypto keys from mobile devices

Elinor Mills CNET News | October 21, 2009 4:51 AM PDT

Summary

Security researchers have discovered a way to steal cryptographic keys that are used to encrypt communications and authenticate users on mobile devices.

Topics

Cryptography Research, Attacker, Mobile, Radio Frequency, Radio, Mobile Device, Advertising & Promotion, Network Technology, Wireless And Mobility, Marketing, Networking, security, crypto, Elinor Mills CNET News
Security researchers have discovered a way to steal cryptographic keys that are used to encrypt communications and authenticate users on mobile devices by measuring the amount of electricity consumed or the radio frequency emissions.

The attack, known as differential power analysis (DPA), can be used to target an unsuspecting victim either by using special equipment that measures electromagnetic signals emitted by chips inside the device or by attaching a sensor to the device's power supply, Benjamin Jun, vice president of technology at Cryptography Research, said on Tuesday. Cryptography Research licenses technology that helps companies prevent fraud, piracy and counterfeiting.

An oscilloscope can then be used to capture the electrical signals or radio frequency emissions and the data can be analyzed so the spikes and bumps correlate to specific activity around the cryptography, Jun said.

To read more, see "Leaking crypto keys from mobile devices" on CNET News.

Talkback Most Recent of 3 Talkback(s)

  • Nothing New Here
    Those of us with even just a little knowledge about crypto and security have long known: physical access to the device is crucial. Keep that secure, and you have enabled all your other security measures. Allow physical access to the wrong people and you enable them instead of yourself.

    This attack really does require physical access to work, as has always been the case with DPA.
    ZDNet Gravatar
    mejohnsn
    21st Oct 2009
  • RE: Attackers could steal crypto keys from mobile devices
    I'm starting to think true secure computing is but a pipe dream.
    ZDNet Gravatar
    Bug_M-E-Not
    21st Oct 2009
  • RE: Attackers could steal crypto keys from mobile devices
    So, to summarize...
    When using your cellphone/PDA in public to do any transaction requiring cryptography (email, banking, etc.) take a look around the room for someone with an antenna, an oscilloscope, and decryptor, sitting within 3 feet of your position...OK...done...now, WTF did I put my foil hat??? Sheesh....
    {;-)
    ZDNet Gravatar
    wizard57m@...
    21st Oct 2009

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity