In association with heise online

21 October 2009, 16:59

Researchers read the cryptographic keys of mobile phones

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security researchers have managed to read the communication encryption and user authentication keys required for mobile devices. Benjamin Jun, VP of technology at Cryptography Research, told CNET News this was achieved by means of differential power analysis (DPA), a form of side-channel attack. Fluctuations in energy consumption that take place during cryptographic operations cause the chips in the phone to radiate a corresponding electromagnetic signal. This can be measured, either by an external sensor or by attaching a sensor to the phone's power supply, and analysed to crack the encryption. The drawback of this method is that it requires either being in possession of the device or, within a metre or so of the victim.

Re-radiation is common with electronic devices and detector vans used to be used in the UK to locate unlicensed television reception by picking up the radiation from the TV electronics. A similar technique, called Van Eck phreaking, involves picking up the radiation from a computers video signals to re-create the screen image.

Jun would not give specifics of which devices can be successfully hacked in this way and said that although he was not aware of any successful attacks by criminals using this method he did "think we're about to start seeing it on smartphones," and "These attacks are not theoretical."

The tell-tail signals can be masked by adding random operations or shuffling the computations.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit