There’s a new form of attack on Android and iOS phones that can steal cryptographic keys, putting financial transactions that use Bitcoin and mobile payment systems at risk.
The exploit, demonstrated by a group of security researchers from Tel Aviv University, Technion and The University of Adelaide, targets the Elliptic Curve Digital Signature Algorithm (ECDSA), a crypto system designed to speed up cryptographic processes.
The side-channel attack is carried out simply by measuring the electromagnetic emanations given off by cryptographic operations, using either a probe placed near the mobile device or a simple adapter connected to its USB charging cable. From those measurements, the crypto keys used in ongoing financial transactions are extracted.
According to the researchers, the exploit allowed them to obtain the secret signing keys from OpenSSL and CoreBitcoin running on iOS devices. It was also tested on a Sony Ericsson Xperia X10 phone running Android, although there the researchers did not carry the attack through to the secret key extraction stage. They are nonetheless convinced that the conceptual attack could be performed by hackers sooner or later; it’s only a matter of time before we see Android and iOS devices falling prey to this kind of attack.
The vulnerability appears to affect older versions of iOS, from 7.1.2 through 8.3, which, unlike the 9.x releases, lack a defense mechanism against side-channel attacks.
But that does not mean users of the latest iOS versions are exempt from attacks inspired by this exploit. They can still fall prey to side-channel attacks if they use susceptible apps such as CoreBitcoin for iOS, an app that secures Bitcoin on iPhones and iPads. The app does not use the iOS CommonCrypto library but instead ships its own cryptographic implementation, which leaves it vulnerable to attacks meant to steal crypto keys.
For the attack to be carried out, an attacker must have such a cable or probe and hold it close to a mobile device while it performs cryptographic operations, long enough to capture a sufficient number of ECDSA signatures. Since this is a primary requirement, the exploit might look impractical to hackers, especially if the device’s owner would notice a USB cable plugged into their device or a probe placed near it.
The possibility remains, however, that an attack of this sort could still be carried out furtively under a variety of disguises. For one, probes can operate even when hidden from sight.