Electromagnetic emissions from smartphones analyzed for security vulnerability
A platform to improve smartphone security and that of other electronic devices was recently presented in Canada in an international conference on security and privacy, the Workshop on Security and Privacy on Internet of Things. The research focuses on "lateral movement attacks," which happen when "someone tries to take advantage of an electric current producing a magnetic field for illicit purposes鈥攊n this case, the attacker tries to extract the private password from the encryption, to which he theoretically should not have access," explained researcher Jos茅 Mar铆a de Fuentes, UC3M Computer Security Lab (COSEC).
Traditionally, hackers have tried to attack the encrypted algorithm, the process that protects data, which normally has a complicated mathematical base. Later, they sought other ways of breaching security without having to "break" the math upon which it is based. "When the devices are on, they use energy and generate electromagnetic fields. We try to capture their traces to obtain the encryption key, and at the same time, decipher the data," explained Lorena Gonz谩lez, also from the UC3M COSEC.
Digital vulnerability
"We want to make it known that these types of devices have vulnerabilities, because if an adversary attacks them, that is, if someone calculates the password on a cell phone, it will make people vulnerable, and data will no longer be private," said Luis Hern谩ndez Encinas from the Institute for 糖心视频ical and Information Technologies.
The basic aim of this research is to detect and make known the vulnerabilities of electronic devices and their chips so that software and hardware developers can implement appropriate countermeasures to protect user security. "Our work is to verify whether this has been carried out correctly and try to attack again to check for any other types of vulnerabilities," added Hern谩ndez Encinas.
The most relevant aspect of the project, according to the researchers, is that an architecture and work environment is being developed in which this type of lateral movement attack can be explored. In fact, it is possible to extract encrypted information from other data, such as variations in temperature of the device, power consumption, and the time it takes a chip to process a calculation.
More information: A Framework for Acquiring and Analyzing Traces from Cryptographic Devices. A. Blanco Blanco, J.M. de Fuentes, L. Gonz谩lez Manzano, L. Hern谩ndez Encinas, A. Mart铆n Mu帽oz, J.L. Rodrigo Oliva, I. S谩nchez Garc铆a. Workshop on Security and Privacy on Internet of Things (SePrIoT) 2017. 13th EAI International Conference on Security and Privacy in Communication Networks. 25th October 2017, Niagara Falls, Canada.
Provided by Carlos III University of Madrid
