Tech information that you never knew… Now at your fingertips
Posts tagged mobile phone
Leaking crypto keys from mobile devices
Oct 23rd
by Elinor Mills
October 20, 2009
http://news.cnet.com/8301-27080_3-10379115-245.html
Security researchers have discovered a way to steal cryptographic keys that are used to encrypt communications and authenticate users on mobile devices by measuring the amount of electricity consumed or the radio frequency emissions.
The attack, known as differential power analysis (DPA), can be used to target an unsuspecting victim either by using special equipment that measures electromagnetic signals emitted by chips inside the device or by attaching a sensor to the device’s power supply, Benjamin Jun, vice president of technology at Cryptography Research, said on Tuesday. Cryptography Research licenses technology that helps companies prevent fraud, piracy, and counterfeiting.
An oscilloscope can then be used to capture the electrical signals or radio frequency emissions and the data can be analyzed so that the spikes and bumps correlate to specific activity around the cryptography, he said.
An oscilloscope and simple antenna can capture electromagnetic emissions from mobile devices. The large spikes correspond to secret keys used during cryptographic activity.
(Credit: Cryptography Research)
“While the chip performs cryptography it is massaging the secret key around in various ways. This processing causes information about the key to leak through the power consumption itself,” said Jun.
For instance, someone with the proper equipment could steal the cryptographic key from a device three feet away in a cafe in as short a time as a few minutes, he said. An attacker could replicate the key with the information and use it to read a victim’s e-mail or pretend to be the user in sensitive online transactions.
Smartphones and PDAs have been found to leak data unless they have countermeasures in place to protect against it, which Cryptography Research offers, according to Jun.
He would not say exactly which devices could be snooped on in this manner and said he did not know of any attacks in the wild using this method.
“I think we’re about to start seeing it on smartphones,” he said. “These attacks are not theoretical.”
This type of attack first surfaced about 10 years ago on cash register terminals and postage meters. Similar data leakage was found with smartIDs, secure USB tokens, smart cards, and cable boxes, he said.
Countermeasures can involve randomizing to throw noise into the measurements or changing the way the computation is done, Jun said.
Asked to comment on how threatening this type of attack could be, cryptography expert Bruce Schneier said the basic question is who stands to lose?
“Honestly, I don’t care if someone hacks a cable box–it’s not my money. Similarly, I don’t care how often a bank gets robbed as long as the bank doesn’t deduct the losses out of my personal account,” he said in an e-mail. “But if someone hacks my phone and either steals service that I am charged for, or causes me enough hassle to change my phone number, that’s bad.”
Mobile Phone Virus Hoax
Mar 27th
Example
Subject: FW: URGENT message for mobile phone users!!!
URGENT message for mobile phone users!!!Please be careful and mindful! All mobile users pay attention if you receive a phone call and your mobile phone displays ( ACE ) on the screen don’t answer the call. END THE CALL IMMEDIATELY if you answer the call, your phone will be infected by a virus. This virus will erase all IMEI and IMSI information from both your phone and your SIM card, which will make your phone unable to connect with the telephone network.
You will have to buy a new phone. This information has been confirmed by both Motorola and Nokia. There are over 3 Million mobile phones being infected by this virus in USA now. you can also check this news in the CNN web site.
PLEASE FORWARD THIS PIECE OF INFORMATION TO ALL YOUR FRIENDS.
——————————————————————
All mobile users pay attention!!!!!!!!!
If you receive a phone call and your mobile phone displays(XALAN)on the screen don’t answer the call, END THE CALL IMMEDIATELY,if you answer the call,your phone will be infected by a virus. This virus WILL ERASE all IMEI and IMSI information from both your phone and your SIM card, which will make your phone unable to connect with the telephone network. You will have to buy a new phone. This information has been confirmed by both Motorola and Nokia. There are over 3 Million mobile phones being infected by this virus in all around the world now. You can also check this news in the CNN web site.
PLEASE FORWARD THIS PIECE OF INFORMATION TO ALL YOUR FRIENDS HAVING A MOBILE PHONE.
Variants of this hoax have been circulating since 1999. The information in the email is completely untrue and has certainly not been “confirmed by both Motorola and Nokia”. If a virus had really destroyed the mobile phones of 3 million US users it would be a major news story around the world. There is nothing on the CNN site about this virus nor does a search of Google News reveal any articles that confirm the story.
However, there are legitimate news articles about a real mobile phone virus that was discovered back in June 2004. This worm, dubbed “Cabir” is basically a “proof of concept” virus and does little damage. Vnunet.com reports that the first outbreak of this virus “in the wild” occurred in Singapore in early October. Although Cabir is virtually harmless, it does indicate that mobile phone virus attacks are possible and may become a significant threat in the future. News of Cabir may also be giving new life to this old mobile phone virus hoax.While mobile phone viruses are real, experts maintain that the potential threat of such viruses has been exaggerated.
In any case, the information included in these emails is false and the “warnings” should be deleted without forwarding. Any “virus warnings” received via a forwarded email should not be taken at face value. Always take the time to confirm the information at a reputable anti-virus website.
