Security researchers have discovered a way to steal cryptographic keys that are used to encrypt communications and authenticate users on mobile devices by measuring the amount of electricity consumed or the radio frequency emissions.
The attack, known as differential power analysis (DPA), can be used to target an unsuspecting victim either by using special equipment that measures electromagnetic signals emitted by chips inside the device or by attaching a sensor to the device's power supply, Benjamin Jun, vice president of technology at Cryptography Research, said on Tuesday. Cryptography Research licenses technology that helps companies prevent fraud, piracy and counterfeiting.
An oscilloscope can then be used to capture the electrical signals or radio frequency emissions and the data can be analyzed so the spikes and bumps correlate to specific activity around the cryptography, Jun said.
To read more, see "Leaking crypto keys from mobile devices" on CNET News.