The Cybersecurity team at Napier University has analysing cryptography on embedded devices. Their latest findings have been published by Professor William Buchanan, Director for of the Centre of Distributed Computing, Networking and Security (DCDS) via LinkedIn. The research shows that mobile devices could be giving away the encryption keys that are protecting the data stored on the device.
Monitoring the power drain on a mobile device tells you what is happening when data is written. In his LinkedIn piece Buchanan says: “The basic theory is that if I change a single bit from a 0 to 1, I will see an upward spike in the power drain, and if I change from a 1 to 0, I will see a downward spike. If I only change one bit in my data, then the spike is due to that single bit.”
Buchanan goes on to explain how this impacts AES saying: “..the first stage of AES takes the data bits and EX-ORs with the key bits.” By monitoring the power rail you can see if the least significant bit is a 1 or a 0. Repeat a few times and Buchanan says it is possible to pick off part of the key just by observing the EX-OR function at the start of AES. Keep repeating it and soon you have the AES key which enables you to decrypt the data on the device.
It’s easy to dismiss this as an esoteric attack on defenceless device. After all, strip anything down, place in restraints and attach crocodile clips to sensitive parts and you can learn a lot of things. This has much more potential than that. How long before law enforcement uses it access mobile devices that Apple and others won’t unlock? If it can be done at a university then it can be replicated elsewhere. There are plenty of smart criminals and intelligence agents out there. Most of them have more money than university research departments. If you lose a device you can no longer rely on the encryption.
Anyone who wants to see this in action can do so. It will be demonstrated by Professor Buchanan and his team at the International Conference on Cryptography and High Performance Computing in Edinburgh.
Conclusion
This is not the only research showing how easy it is to access supposedly secure data. Earlier this year researchers demonstrated how wireless mice and keyboards were good news for hackers. Data is transmitted unencrypted making it easy to capture sensitive information. Hackers were also able to take control of devices and interact with computers as if they were the user. The hacker didn’t need to be close to the computer. Research shows this can be done from several hundred feet. With office blocks beginning to sprout mobile coffee shops, this makes offices in those buildings an easy target.
This latest attack does require access to the device. What will worry security advocates is that just using encryption on the device is no longer enough.
