Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Cellphones Encryption Handhelds Security The Almighty Buck IT

Encryption Securing Mobile Money Transfers Can Be Broken 28

An anonymous reader writes: A group of researchers has proved that it is possible to break the encryption used by many mobile payment apps by simply measuring and analyzing the electromagnetic radiation emanating from smartphones. Modern cryptographic software on mobile phones, implementing the ECDSA digital signature algorithm, may inadvertently expose its secret keys through physical side channels: electromagnetic radiation and power consumption which fluctuate in a way that depends on secret information during the cryptographic computation.
This discussion has been archived. No new comments can be posted.

Encryption Securing Mobile Money Transfers Can Be Broken

Comments Filter:
  • by Anonymous Coward

    This means we don't have to fight with Apple every time we need to investigate a terrorist. We'll be safer as a result.

  • by Anonymous Coward

    This place has gone full retard anymore.

    https://www.cs.tau.ac.il/~trom... [tau.ac.il]

    There is useful link...

  • Obviously (Score:5, Funny)

    by Big Hairy Ian ( 1155547 ) on Tuesday March 22, 2016 @07:12AM (#51751343)
    Apple will be the 1st to release a mobile phone that is protected by a Faraday Cage
    • by Anonymous Coward on Tuesday March 22, 2016 @07:22AM (#51751391)

      They already did, it used the customer's hand to shield against signal interception

    • Yeah, and it will come in platinum and rose gold and cost only $199.99

    • I wonder how this will be affected by IoT connected homes using fusebox monitors and electric socket monitors and things. Seems an easy leap for a remote attacker to access a home network and get encryption keys from power draw information from the IoT devices!
  • by Anonymous Coward on Tuesday March 22, 2016 @07:20AM (#51751381)

    This is *not* a broken encryption (which the idiotic title suggests). Encryption is an algorithm. It doesn't exist physically.
    What is measured are side effects of the hardware at work. The hardware is broken then, but only if we assume it should be secure enough not to allow such measurements and analysis.

    >by simply measuring and analyzing the electromagnetic radiation emanating from smartphones
    This is not simple.
    That way you can 'simply' crack passwords by 'simply' looking at the keyboard when it is typed in.

    -- Ed

    • by kav2k ( 1545689 ) on Tuesday March 22, 2016 @07:38AM (#51751459)

      While true that it doesn't break the encryption algorithm itself - such things are rare.

      But one can argue it breaks an implementation of an algorithm. Which, arguably, doesn't "exist physically" either, it's still a bunch of bytes.

      However, there are software countermeasures to some side channel attacks (like constant-time calculations), so question is whether such mitigation is possible here. Looking at the article - that's exactly what's lacking with some software.

      Notable quote:
      > The OpenSSL's developers notified us that "hardware side-channel attacks are not in OpenSSL's threat model"

    • The way I understand it, if code is written in such a way as to reference private information in a predictable way, this allows for the side channel attack described.

      It should be possible to minimize, randomize and obfuscate these "calls" so that there is no predictable pattern.

      So, no, I don't think it is just a hardware problem. Though, I am sure there are ways to beef this up as well.

  • Flood the Channel (Score:4, Interesting)

    by necro81 ( 917438 ) on Tuesday March 22, 2016 @07:23AM (#51751397) Journal
    One potential countermeasure is to have the phone and receiver send back and forth lots of additional, random, and irrelevant chatter across the channel. This decreases the signal-to-noise ratio, and makes it harder for the potential attacker to figure out what the real key in all that communication and what is chaff.
  • by Gravis Zero ( 934156 ) on Tuesday March 22, 2016 @07:38AM (#51751461)

    This attack requires that the victim use an external power supply so that you can measure the power usage while they are performing the transfer. An unlikely attack configuration but smartphone makers could thwart all attack of this type by ensuring current draw while charging is consistent as to make it impossible to determine what the phone is doing.

  • Acceptable risk (Score:4, Insightful)

    by Opportunist ( 166417 ) on Tuesday March 22, 2016 @07:42AM (#51751491)

    Yes, that "security hole" has been known for a while now. Yes. We know. In the end, the complexity of the attack and the circumstances required are so specific that it simply isn't a viable attack vector.

    In other words, yes, you can die from a lightning strike. But that doesn't keep you inside, does it?

    • by Gr8Apes ( 679165 )
      I'm in my basement, do I need to head to my safe room?
    • by Bobo ( 4493993 )

      Yes, that "security hole" has been known for a while...

      In other words, yes, you can die from a lightning strike. But that doesn't keep you inside, does it?

      I thought the same thing but reading the paper the attack scenario seems reasonable. Steps should be taken to guard against this. Another user suggested mandating constant current during charging. First, that may not be desirable for battery longevity (turbo charging when the battery is at low capacity vs charging when it's at high). Second, that's insufficient to stop the attack, as it does not seem to require the phone be charging.

      Attack Scenario.

      Small loops of wire acting as EM probes can be easily concealed inside various objects (such as tabletops, phone cases (especially those containing an extra battery), or even food items [GPPT15]). See Figure 1. Monitoring the phone’s power consumption can be easily done by augmenting an aftermarket charger, external battery or battery case with the requisite equipment.

      In this context, phone cases which contain an additional battery (and therefore are connected to the phone’s charging port) are especially dangerous since these can be augmented to monitor both channels simultaneously, thus obtaining a potentially cleaner signal.

      The EM probe does not need to be attached to the charging port, just clos

      • by AHuxley ( 892839 )
        Re "I thought the same thing but reading the paper the attack scenario seems reasonable."
        Even if its only governments, mil and their contractors that can afford to do it or have the skilled teams in place? Then the ex staff and former staff and anyone who can afford the method via the services of ex and former staff around the world?
        Sooner or later every aspect of weak junk crypto is offered for sale on the open market. Best to fix such leaking issues at the design phase.
        A free traditional "charger" o
    • Yes. We know. In the end, the complexity of the attack and the circumstances required are so specific that it simply isn't a viable attack vector.

      This *peculiar* form of the attack is complicated: paying attention on the charging port. Possible implementation are quite limited (basically, having a public charging station with hacked USB charging ports).

      BUT, the same kind of attack vector (listening on outside signals to try to guess what's happening inside the computer) has had in the past a few quite more usable forms: a group of security researcher has presented guessing the key based on the *noise* produced by the computer. Works even with a smart

  • This is still more secure than the printed raised numbers system. There's already "person wasn't there" schemes in place to detect a copy of a card, and I assume that'll still be in place even if a radiation device can fool the payment sensor.

NOWPRINT. NOWPRINT. Clemclone, back to the shadows again. - The Firesign Theater

Working...