Attack Can Extract Crypto Keys From Mobile Device Signals
SAN FRANCISCO--Many carriers and mobile providers are touting smartphones as the future of secure mobile payment systems, enabling users to pay for purchases with an app on their phones, and this is already a reality in many parts of Asia and Europe. However, researchers have discovered that some of the more popular smartphone platforms leak sensitive data during these transactions that could allow criminals to spoof a victim's phone and make purchases with the victim's account.
The conditions that enable this kind of attack are not the result of any vulnerability in a specific phone or application or cryptographic algorithm. Instead, they derive from the fact that smartphones and other devices use more power during certain operations, including cryptographic computations. As a result, researchers at Cryptography Research have developed an attack that enables them to monitor the wireless signal of a smartphone within about ten feet, map the variations in the signal and then identify the part of the signal that includes the cryptographic key that's used during a secure mobile payment operation.
"In general, if you can extract the key from a payment device, you can clone it and you can control the balance. You can mimic the user," said Ben Jun, vice president of technology at Cryptography Research. "It's not that the system itself is flawed, it's that the implementation of the crypto needs to be done very carefully."
In a demonstration of the attack, the researchers used a small antenna, a ham radio and a PC, roughly $2,000 worth of equipment. The attack is completely passive and doesn't require the attacker to send any signals to the device or try to glitch it in any way. As the wireless signal was traced, the CRI researchers monitored a frequency map to ensure that they were homing in on the right signal and also watched a demodulated version of the signal.
That trace is correlated to what the device is doing at any given time, and when the phone is performing a cryptographic operation, the change in the signal is easily identifiable; the researchers can then single out the SSL key and extract it. In the demo, the phone is running a custom app that CRI wrote that includes an SSL implementation.
"The transistors that are doing the processing have asymmetries when they do the work," Jun said. "The guy who built the chip was aware of this, the guy who wrote the apps probably wasn't and the crypto guy definitely wasn't. It's something at the very core of the device that's leaking info and the attacker can extract that."
Smartphones, such as iPhones, BlackBerrys and Android devices, are rapidly emerging as the preferred computing platform for many users and in many parts of the world, they already are used as payment devices and the primary entertainment devices. Payment and delivery of digital content such as movies and TV shows are seen as the killer apps for many of these users and attacks such as this one raise questions about the wisdom of using the current generation of devices for these functions.
"This is not entirely new. There is an understanding that if you're doing crypto computations on a phone that data can leak," Jun said. "These phones need a little more protection before they can move on to the next class of secure apps. This is kind of interesting, because it's entirely passive."
Jun said that there are some countermeasures that can defend against this attack, including methods for balancing the power usage of the phone to avoid noticeable spikes. But what's really needed is a more systemic fix.
"We're starting to hear people talk about protecting against mobile attacks now and not just talking about mobile malware anymore," he said. "It's important how well these devices keep secrets."
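The leak described above comes from work whose pattern depends on secret bits, and the countermeasures Jun mentions aim to remove that dependence. As an added illustration (not code from Cryptography Research or from the article), the Python model below records the square/multiply sequence of a textbook square-and-multiply exponentiation and of a Montgomery ladder, then checks whether the sequence varies with the key. The choice of modular exponentiation, the sample keys and every function name are assumptions, since the article does not say which operation leaked.

```python
# Model of key-dependent vs. key-independent operation sequences.
# "S" = modular squaring, "M" = modular multiplication.
# Illustrative only: Python big-int arithmetic is not constant-time.

def modexp_naive(base, exp, mod, trace):
    """Square-and-multiply: the multiply happens only for 1 bits."""
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        if bit == "1":               # secret-dependent extra work
            result = (result * base) % mod
            trace.append("M")
    return result

def modexp_ladder(base, exp, mod, trace):
    """Montgomery ladder: one multiply and one square for every bit."""
    r0, r1 = 1, base % mod
    for bit in bin(exp)[2:]:
        swap = bit == "1"
        if swap:                     # real code uses a branch-free swap
            r0, r1 = r1, r0
        r1 = (r0 * r1) % mod
        trace.append("M")
        r0 = (r0 * r0) % mod
        trace.append("S")
        if swap:
            r0, r1 = r1, r0
    return r0

def op_trace(fn, exp, base=0x1234567, mod=(1 << 61) - 1):
    """Run fn, confirm the result is correct, return its operation trace."""
    trace = []
    value = fn(base, exp, mod, trace)
    assert value == pow(base, exp, mod), "exponentiation result is wrong"
    return "".join(trace)

def distinct_traces(fn, exponents):
    """Number of different traces seen across keys; 1 means no leak here."""
    return len({op_trace(fn, e) for e in exponents})

# Constructed 16-bit sample keys with different bit patterns.
SAMPLE_KEYS = [0b1000000000000001, 0b1111111111111111, 0b1010101010101010]

if __name__ == "__main__":
    print("naive :", distinct_traces(modexp_naive, SAMPLE_KEYS), "distinct traces")
    print("ladder:", distinct_traces(modexp_ladder, SAMPLE_KEYS), "distinct traces")
```

A check like `distinct_traces(...) == 1` over many keys can serve as a regression test for sequence regularity; it says nothing about finer leaks such as data-dependent power within a single operation.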
Comments
The increase in mobile transactions provides another target point for criminals, as well as malicious applications. Business users need to be aware of the potential pitfalls of these activities whilst holding private corporate data on their phones, whether in the form of a work email or files downloaded http://bit.ly/gnoZl5. Until an appropriate solution has been built, users should be aware of the security risk that smart phones pose.
I pity the suckers who will blindly rush into these services. They’ll think they are pretty cool -- buying coffee by just waving a phone -- until they find out they’re buying lots of stuff for some guy in Russia. And then they’ll have the temerity to be shocked…
International communication reach guarantees Americans will be victims to the billions of people that want our money..... A saner communications approach is to restrict international calling and filter it 40 times over.... Mobile devices will never be safe from inspection and duplication in my opinion....A more secure transaction system than we have is definitely needed... An internet that ended at the border would be a good idea...