• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Write for Us
  • Contact
  • Advertise
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Do Not Sell My Personal Information
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

Bitcoins and other online assets under risk from a crypto-stealing Android and iOS attack

Updated on Mar 4, 2016 by Guest Authors

There’s a new form of attack on Android and iOS phones that can steal cryptographic keys and expose financial transactions that use Bitcoin and mobile payment systems to attacks.

The exploit, demonstrated by a group of security researchers from Tel Aviv University, Technion and The University of Adelaide, affects a crypto system called Elliptic Curve Digital Signature Algorithm which is designed to speed up cryptographic processes.

bitcoin

The side-channel attack can be carried out just by measuring electromagnetic emanations coming from cryptographic operations using a probe placed near a mobile device or a simple adapter connected to the USB charging cable. This process works to extract the crypto keys from the ongoing financial transactions.

According to the researchers, the exploit allowed them to get the secret signing keys from OpenSSL and CoreBitcoin that operate on iOS devices. The exploit was tested on a Sony-Ericsson Xperia x10 Phone that runs Android, although the researchers did not push through the secret key extraction stage. But they have a strong conviction that the conceptual attack could be performed by hackers sooner or later. It’s only a matter of time before we see Android and iOS devices falling prey to this kind of attack.

The vulnerability seems to affect past versions of the iOS operating system between the 7.1.2 and 8.3 iterations, which do not have a defense mechanism against side-channel attacks unlike the 9.x version.

But that does not mean users of the latest iOS versions are exempted from attacks that could be inspired by this exploit. They can still fall prey to side-channel attacks if they use susceptible apps such as the CoreBitcoin for iOS, an app that works to secure Bitcoins on iPhones and iPads. The app does not use the iOS CommonCrypto library, but instead implements its own cryptographic protocol, which makes it vulnerable to attacks meant to steal crypto key.

In order for the attack to be carried out, an attacker must possess a cable or probe and hold it close to a mobile device that performs cryptographic operations so that enough amount of Elliptic Curve Digital Signature Algorithm signatures are extracted. As this is a primary requirement for the attack, the exploit might look impractical to hackers, especially if the device’s owner will notice any USB cable plugged to their device or a probe placed near it.

The possibility remains, however, that the attack of this sort can still be carried out furtively through a variety of disguises. For one, probes can operate even when hidden from sight.

Disclosure: As an Amazon Associate, I earn from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

Keychron K4 Wireless Mechanical Keyboard Review – The Biggest & The Best?

Keychron K6 Wireless Mechanical Keyboard Review – Nice Balance Between Design and Function

AuthenTrend AT.Wallet Fingerprint Cryptocurrency Wallet Review – The Coolest One You Can Buy

Yeedi K650 Robot Vacuum Review – A Good Basic Vacuum

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • Samsung Galaxy S21 Ultra Model Number SM-G998* Differences
  • Samsung Galaxy S21+ 5G Model Number SM-G996* Differences
  • Samsung Galaxy S21 5G Model Number SM-G991* Differences
  • How to Read and Write to NTFS Drives on Apple M1 Mac?

Copyright © 2021 · All Rights Reserved