Crypto Keys Can Be Stolen from Mobile Devices

Status
Not open for further replies.
"For now, CR wasn't forthcoming about which mobile device is highly susceptible to the attack, however Jun told CNET that he wasn't aware of any attacks "in the wild" using this type of method. Still, he seemed rather cautious. "I think we're about to start seeing it on smartphones," he said. "These attacks are not theoretical."

They are not in the wild because this is the sort of attack that would pretty much only be performed by a government or a large corporation. So, the FBI might use this against a high-value terrorist suspect. But the street level drug dealer wouldn't be worth the effort.
 
This is 3-5 year old news. DPA has been a known attack vector for encryption chips, including smart cards, etc., for quite some time. The company's claim
"Unlike physical attacks, SPA and DPA attacks are non-invasive, easily-automated, and can be mounted without knowing the design of the target device."
is made rather implausible by the very next paragraph.
"CR's vice president of technology Benjamin Jun saying that attackers would need to use special equipment that measures electromagnetic signals emitted by chips inside the device. Attackers could also attach a sensor to the device's power supply as well, however that would be more "hands on" than the former approach."
In short, for most devices, you have to be able to measure its power consumption with very high accuracy and precision, far more than you can get passively from a user sitting across the room.

And in other breaking news, Microsoft announced that their latest operating system Windows Vista will ship in January (2007 that is).
 
[citation][nom]jellico[/nom]"For now, CR wasn't forthcoming about which mobile device is highly susceptible to the attack, however Jun told CNET that he wasn't aware of any attacks "in the wild" using this type of method. Still, he seemed rather cautious. "I think we're about to start seeing it on smartphones," he said. "These attacks are not theoretical." They are not in the wild because this is the sort of attack that would pretty much only be performed by a government or a large corporation. So, the FBI might use this against a high-value terrorist suspect. But the street level drug dealer wouldn't be worth the effort.[/citation]
True, but a very well paid hacker could target high value businesses or businessmen/women for a foreign gov't etc.
 