Source: Tom's Guide US | Keywords: Mobile, Devices, Keys, Cryptography, Theft | Themes: Software, Smartphones
Apparently there's a way to steal cryptographic keys from mobile devices, leaving the user's info wide open for theft.
Cryptography Research (CP) is reporting that its security researchers have found a way to extract secret keys and compromise the security of smart cards and other cryptographic devices. Called Differential Power Analysis (DPA), this attack is performed by analyzing the device's power consumption or radio frequency emissions.
"Simple Power Analysis (SPA) is a simpler form of the attack that does not require statistical analysis," the company said. "Unlike physical attacks, SPA and DPA attacks are non-invasive, easily-automated, and can be mounted without knowing the design of the target device." Naturally, the company has developed "solutions" to combat these attacks.
CNET expands on the report, with CR's vice president of technology Benjamin Jun saying that attackers would need to use special equipment that measures electromagnetic signals emitted by chips inside the device. Attackers could also attach a sensor to the device's power supply as well, however that would be more "hands on" than the former approach.
For now, CR wasn't forthcoming about which mobile device is highly susceptible to the attack, however Jun told CNET that he wasn't aware of any attacks "in the wild" using this type of method. Still, he seemed rather cautious. "I think we're about to start seeing it on smartphones," he said. "These attacks are not theoretical."
-
Previous News Article
Honda's Hybrid Sports Coupe... -
Next News Article
PS3 Slams Into, Kills Bravia...
"For now, CR wasn't forthcoming about which mobile device is highly susceptible to the attack, however Jun told CNET that he wasn't aware of any attacks "in the wild" using this type of method. Still, he seemed rather cautious. "I think we're about to start seeing it on smartphones," he said. "These attacks are not theoretical."
They are not in the wild because this is the sort of attack that would pretty much only be performed by a government or a large corporation. So, the FBI might use this against a high-value terrorist suspect. But the street level drug dealer wouldn't be worth the effort.
That's nice and all but will my porn be ok???
This is 3-5 year old news. DPA has been a known attack vector for encryption chips including smart cards, etc for quite some time. The company's claim
And in other breaking news, Microsoft announced that their latest operating system Windows Vista will ship in January (2007 that is).
"For now, CR wasn't forthcoming about which mobile device is highly susceptible to the attack, however Jun told CNET that he wasn't aware of any attacks "in the wild" using this type of method. Still, he seemed rather cautious. "I think we're about to start seeing it on smartphones," he said. "These attacks are not theoretical."They are not in the wild because this is the sort of attack that would pretty much only be performed by a government or a large corporation. So, the FBI might use this against a high-value terrorist suspect. But the street level drug dealer wouldn't be worth the effort.
True, but a very well paid hacker could target high value businesses or businessmen/women for a foreign gov't etc.