- Acoustic cryptanalysis : https://www.cs.tau.ac.il/~tromer/acoustic/
- Get Your Hand Off My Laptop : http://www.tau.ac.il/~tromer/handsoff/
I saw a live demo of the latter at the CHES 2014 conference in Busan; it was really impressive.
Now to be honest, I'm less impressed by this new one because I already saw a very similar attack on a smartphone using an EM probe (except maybe it was on the RSA cryptosystem). I'm not entirely sure but it may have been at the CRI demo stand at the CARTES convention in Paris in either 2012 or 2013.
That being said:
> After observing the elliptic-curve double and add operations during a few thousand signatures, the secret signing key can be completely reconstructed.
This is probably the biggest obstacle for pulling this off in reality. I have no idea what that means in minutes or hours you have to be near a phone doing encryption though.
It will still protect against anything short of a determined attacker with direct access to the hardware for an extended period.
Very little is secure against such a scenario, even less so if the attacker doesn't care about the defender knowing after the fact.
But all too often security research seems to consider anything that can be broken, even with the most complicated and time intensive of processes, as insecure.
That's basically the whole point of security research - to find any weaknesses and try to fix them. It sounds great on the surface, but the logical conclusion of reaching "ultimate security" is not so pleasant...
Interesting that Apple already fixed this in iOS 9. Makes me wonder what kinds of crazy tests their security team must be doing, that they can mitigate such things.
What's novel here is just how cheaply they're able to carry out these side-channel attacks.
http://cr.yp.to/highspeed/coolnacl-20120725.pdf -- see section 3, Core security features and their impact
FWIW, there is no publicly known SHA1 collision yet. There's a known freestart collision, and a real world (non-freestart) collision is expected to be found within the next couple of months by the same group (the search is already running on their cluster - and the expected time to success is a couple of months). They have already found the first pair that they need out of two.
On a related note, the Bernstein team designed Ed25519 with side-channel attacks in mind.
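To make the quoted sentence about observing "double and add operations" concrete, and to show what designing against side channels buys, here is an added example written for this thread; it is not code from the paper, from NaCl or from Ed25519. It uses a toy curve over F_97 with parameters and base point of my own choosing (no cryptographic meaning), a naive double-and-add whose sequence of operations an observer can parse straight back into the scalar, and a Montgomery ladder that performs one add and one double per bit so that its operation sequence is identical for every scalar of the same bit length.

```python
# Added illustration, not from the thread: the operation sequence of a naive
# double-and-add leaks the secret scalar; a Montgomery ladder does the same
# work for every bit and so has a scalar-independent operation sequence.
# Toy curve y^2 = x^3 + 2x + 3 over F_97 (constructed parameters, no security).

P_MOD = 97
A, B = 2, 3
G = (3, 6)        # on the curve: 6^2 = 36 = 27 + 6 + 3 (mod 97)
INF = None        # point at infinity


def _inv(x):
    return pow(x % P_MOD, -1, P_MOD)


def ec_double(pt):
    if pt is INF:
        return INF
    x, y = pt
    if y == 0:
        return INF
    lam = (3 * x * x + A) * _inv(2 * y) % P_MOD
    x3 = (lam * lam - 2 * x) % P_MOD
    return (x3, (lam * (x - x3) - y) % P_MOD)


def ec_add(p, q):
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:   # p == -q
            return INF
        return ec_double(p)
    lam = (y2 - y1) * _inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def naive_double_and_add(k, pt):
    """MSB-first double-and-add. Returns (k*pt, list of operations performed)."""
    trace, r = [], INF
    for bit in bin(k)[2:]:
        r = ec_double(r)
        trace.append("D")
        if bit == "1":              # the add only happens for 1 bits: this is the leak
            r = ec_add(r, pt)
            trace.append("A")
    return r, trace


def montgomery_ladder(k, pt):
    """One add and one double per bit whatever the bit is. Returns (k*pt, trace)."""
    trace, r0, r1 = [], INF, pt
    for bit in bin(k)[2:]:
        if bit == "0":
            r1 = ec_add(r0, r1)
            r0 = ec_double(r0)
        else:
            r0 = ec_add(r0, r1)
            r1 = ec_double(r1)
        trace += ["A", "D"]
    return r0, trace


def recover_scalar_from_trace(trace):
    """What an observer of the naive routine learns: a 'D' is a 0 bit unless an 'A' follows it."""
    bits = []
    for op in trace:
        if op == "D":
            bits.append(0)
        elif op == "A":
            bits[-1] = 1
    return int("".join(map(str, bits)), 2)


def reference_mul(k, pt):
    """Repeated addition, used only to cross-check the two fast routines."""
    r = INF
    for _ in range(k):
        r = ec_add(r, pt)
    return r


if __name__ == "__main__":
    k = 45                                     # 0b101101, a constructed toy "secret"
    _, leaky = naive_double_and_add(k, G)
    print("naive trace :", "".join(leaky), "-> observer recovers", recover_scalar_from_trace(leaky))
    print("ladder trace:", "".join(montgomery_ladder(k, G)[1]))
```

The ladder still branches on the bit when choosing which register to update, so a real constant-time implementation replaces that branch with a constant-time conditional swap and also avoids secret-dependent memory addresses; the example only shows the operation-sequence level, which is the level at which the quoted attack observes the doubling and adding.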
As an example, one of my computers leaks a ton of noise into the onboard audio that quickly becomes audible with a moderate amount of gain. So much so, that I've learned to recognize changes in the noise pattern from various activities (shuffling windows around the gui, launching a program, compiling a program, etc).
How practical a real-life, working use of the method described here is will depend in no small part on how much noise the device being attacked casts off. There are some pretty bad devices out there.
Also directivity/sensitivity. While turn count will improve overall sensitivity, loop size will increase directivity. Keep in mind that both loop size and turn count affect the probe's filtering characteristics (it IS a filter), so I highly recommend experimenting with several designs. Have a look at my attempt at making a magnetic probe from RG174. It is fat because of two layers of heat-shrink tube, which made it stiff enough for my experiments :)
It is hard to tell from a picture, but it should be that this probe uses two wires exactly for this purpose: one acts as the central conductor, the other as a shield.
Both may be correlated, and both give you side-channel information to attack cryptography.
Also, the Secure Enclave co-processor is on-die, so there will be no need to authenticate or encrypt communications with it.