
Single-decryption EM-based attack reveals private keys from Android phones [pdf] - dhx
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-alam.pdf
======
lucb1e
For those not familiar with reading papers, just read the conclusion and see
figure 12 on the same page. It's a fair summary of both the obtained results,
required hardware and possible mitigation.

They mention "sub-$1000 hardware" as required, but for 1GHz and 40MHz, a
HackRF One knock-off of $150-$200 should do just fine. Heck, you might be able
to run with some DVB-T sticks at $20 depending on the chip in your particular
model and production batch (the one for $15 I had went from 20-800MHz, just
short of a gigahertz).

~~~
vectorEQ
this magnetic probe they use, you think it's hall probe -> frequency analyser?
perhaps a hall sensor + arduino would work ? (sorry im not good with
electronics :D..?) i'm wondering how to get the magnetic signal into my hackrf
or arduino. how to catch it? they just mention using a probe, and i see on the
picture some device which looks just to be hooked up to antenna cable?

~~~
vvanders
Could just be a coil of wire with a LNA in front of it. Would be curious about
the details as well.

~~~
DoctorOetker
I wonder if one could use the read head from an old HDD

------
jtchang
It's interesting how we've really entered the era of side channel attacks and
vulnerabilities. We're seeing this with the meltdown bugs (speculative
execution is a kind of side channel) and now we are seeing stuff where even if
your code is well written you have to take into account if the hardware
executes in a certain way to leak EM emissions.

I imagine we are going to see more and more of these types of attacks.

~~~
mikeash
Meltdown is ultimately a timing attack, so it definitely qualifies.

I take this as an indication that the underlying cryptographic primitives have
become _really good_ , so it’s no longer (usually) practical to attack that
layer.

~~~
21
Were the underlying cryptographic primitives ever bad (in a practical attack
sense)? Even DES with it's 56 bit key was not cracked in a real targeted
attack.

~~~
rincebrain
I mean, DES could be broken fairly fast with commodity GPUs 8 years ago [1],
it's not gotten slower to break since.

[1] -
[http://home.deib.polimi.it/barenghi/files/ITNG2010.pdf](http://home.deib.polimi.it/barenghi/files/ITNG2010.pdf)

------
sschueller
Ironic that a user with a rooted phone will probably have this fix before
official firmwares get updated if at all. Yet most banks and some other app
(snapchat) don't let you run them if you phone is rooted.

~~~
perl4ever
Tangentially, on the topic of banks & security, I decided the other day I
would try out the virtual credit card number feature available on one of my
credit cards. It turns out using the feature requires...Flash! Sigh.

~~~
bubblethink
BoA? I use that feature too, and I'm worried that they'll just drop it once
flash reaches end of life.

~~~
ars
I'm expecting them to add it to their mobile app.

------
yborg
As I read this paper, the attack used a training set on the target hardware
with the exact antenna setup; then ran a test set on the exact same
configuration to demonstrate key recovery. This seems like it would be much
more difficult to execute in the wild on a random device at Starbucks.

\- The device would have to be profiled ahead of time.

\- There's nothing else running on the device but the key decryption at some
point.

\- The device is quite close to the detection apparatus (within 20 cm in the
paper).

------
rocqua
The paper states that a mitigation has been merged into openSSL, how near is
that version to being pushed to android?

~~~
excalibur
For an android build to be released with this mitigation included: Six to nine
weeks.

For the mitigation to be implemented on your android phone: Six to nine years.

~~~
aneutron
Funny way how you spell decades

~~~
DiabloD3
He meant centuries.

~~~
namibj
Or the multiple phones you go through before you will find it included.

------
insulanus
I wonder when we'll reach the point that devices actively defend themselves.
In this case, the device might emit a stronger signal on the frequency that it
anticipates might be sampled, masking its true operation.

------
hobls
I’m curious to hear more about what the device itself was doing. It’s doing
RSA decryption, of course, but is that it? Can we still recover “d” if the
phone is doing other stuff at the same time? I wonder if exponentiaton is
produces distinct enough signals. Seems like it might.

------
peterwwillis
So, if someone has your phone, they have your phone's private RSA key. Jesus.

~~~
mindslight
So, exactly the same as it has always been!

What's the point of buying into this model where a possessor (ie owner) of a
device is considered an attacker? It hasn't even shown itself to be workable
on general-purpose computers, meanwhile users' practical experience seems to
be centered around companies that are attempting to hinder people attempting
to retain ownership of their phone.

Especially as the main push is aimed smaller devices - exactly the ones easier
to take with you! At a certain point, the threat from the past (undetectable
tampered software) outweighs the threat from the present (due to being able to
easily read out the entire device state). It's a bit tough to take a rackmount
server into the shower with you, but there's _very little_ reason for a usb-
port-sized device to stymie the user for the goal of protecting against
physical access.

~~~
xvector
> So, exactly the same as it has always been!

Not really. Apple's Secure Enclave is resistant against many side channel
attacks, including differential power attacks.

~~~
mindslight
Sure, but that is a recent development which the jury is still out on.

I'm just saying for most all of computing history (besides a few perverted
niches), we've thought of the data on the device is accessible by the person
who has the device. So this attack just puts us back at the traditional
expectation - a place that a large amount of people would actually just prefer
to stay.

