Attack Can Extract Crypto Keys From Mobile Device Signals

SAN FRANCISCO–Many carriers and mobile providers are touting smartphones as the future of secure mobile payment systems, enabling users to pay for purchases with an app on their phones, and this is already a reality in many parts of Asia and Europe. However, researchers have discovered that some of the more popular smartphone platforms leak sensitive data during these transactions that could allow criminals to spoof a victim’s phone and make purchases with the victim’s account.


The conditions that enable this kind of attack are not the result of any vulnerability in a specific phone or application or cryptographic algorithm. Instead, they derive from the fact that smartphones and other devices use more power during certain operations, including cryptographic computations. As a result, researchers at Cryptography Research have developed an attack that enables them to monitor the wireless signal of a smartphone within about ten feet, map the variations in the signal and then identify the part of the signal that includes the cryptographic key that’s used during a secure mobile payment operation.

“In general, if you can extract the key from a payment device, you can clone it and you can control the balance. You can mimic the user,” said Ben Jun, vice president of technology at Cryptography Research. “It’s not that the system itself is flawed, it’s that the implementation of the crypto needs to be done very carefully.”

In a demonstration of the attack, the researchers used a small antenna, a ham radio and a PC, roughly $2,000 worth of equipment. The attack is completely passive and doesn’t require the attacker to send any signals to the device or try to glitch it in any way. While tracing the wireless signal, the CRI researchers monitored a frequency map to ensure that they were homing in on the right signal and also watched a demodulated version of the signal.

That trace is correlated with what the device is doing at any given time, and when the phone is performing a cryptographic operation, the change in the signal is easily identifiable; the researchers can then single out the SSL key and extract it. In the demo, the phone is running a custom app that CRI wrote that includes an SSL implementation.

“The transistors that are doing the processing have asymmetries when they do the work,” Jun said. “The guy who built the chip was aware of this, the guy who wrote the apps probably wasn’t and the crypto guy definitely wasn’t. It’s something at the very core of the device that’s leaking info and the attacker can extract that.”

Smartphones, such as iPhones, BlackBerrys and Android devices, are rapidly emerging as the preferred computing platform for many users, and in many parts of the world they are already used as payment devices and as the primary entertainment devices. Payment and delivery of digital content such as movies and TV shows are seen as the killer apps for many of these users, and attacks such as this one raise questions about the wisdom of using the current generation of devices for these functions.

“This is not entirely new. There is an understanding that if you’re doing crypto computations on a phone that data can leak,” Jun said. “These phones need a little more protection before they can move on to the next class of secure apps. This is kind of interesting, because it’s entirely passive.”

Jun said that there are some countermeasures that can defend against this attack, including methods for balancing the power usage of the phone so that the cryptographic computation produces no noticeable spikes. But what’s really needed is a more systemic fix.
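To make the leakage model and the "balancing" countermeasure concrete, here is an added toy example (not CRI's code or measurement setup): a simulated operation trace stands in for the phone's power draw during modular exponentiation, a naive square-and-multiply loop performs a multiply only on 1 bits of the secret exponent so its trace mirrors the key, and a Montgomery ladder does identical work for every bit so the trace carries no key-dependent pattern.

```python
# Added example: a simulated operation trace stands in for the power/RF
# signal the article describes. 'S' = one squaring, 'M' = one multiply.
# Toy model for illustration only; real balancing also needs constant-time
# arithmetic and masking, not just a uniform operation sequence.

def naive_modexp(base, exp, mod, trace):
    """Left-to-right square-and-multiply. The multiply runs only when the
    exponent bit is 1, so the operation pattern (and the power it costs)
    tracks the secret exponent bit by bit."""
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        if bit == "1":
            result = (result * base) % mod
            trace.append("M")
    return result

def ladder_modexp(base, exp, mod, trace):
    """Montgomery ladder: exactly one multiply and one squaring per bit,
    whatever the bit's value, so the sequence of operations is the same
    for every exponent of the same length."""
    r0, r1 = 1, base % mod
    for bit in bin(exp)[2:]:
        if bit == "1":
            r0 = (r0 * r1) % mod
            r1 = (r1 * r1) % mod
        else:
            r1 = (r0 * r1) % mod
            r0 = (r0 * r0) % mod
        trace.append("M")
        trace.append("S")
    return r0

def bits_from_naive_trace(trace):
    """Shows what the naive trace gives away: an 'S' followed by 'M' is a
    1 bit, an 'S' on its own is a 0 bit. Used here to verify the leak."""
    bits, i = [], 0
    while i < len(trace):
        if i + 1 < len(trace) and trace[i + 1] == "M":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2)

def ladder_trace_is_uniform(trace):
    """True when every bit produced the same ('M', 'S') pair."""
    return set(zip(trace[0::2], trace[1::2])) == {("M", "S")}
```

Running the two routines on the same small secret exponent shows that both compute the same result, but only the naive trace can be decoded back into the exponent.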

“We’re starting to hear people talk about protecting against mobile attacks now and not just talking about mobile malware anymore,” he said. “It’s important how well these devices keep secrets.”
