Sign In

Communications of the ACM

ACM TechNews

Researchers Discover Vulnerability in Widely-Used Method for Securing Phone Data

View as: Print Mobile App Share:
The researchers monitored radio waves emitted by the phones' processors with an oscilloscope.

Georgia Institute of Technology computer science professor Milos Prvulovic said the attack was so effective that researchers only needed to listen in on a single secure transaction to steal a phones secret key.

Credit: Milos Prvulovic

Researchers at the Georgia Institute of Technology have demonstrated how an attack on low-end Android phones targets a standard encryption process.

The researchers placed a radio sensor within a few centimeters of a ZTE Zfive handset and an Alcatel Ideal handset and showed that the sensor could detect the weak radio waves emitted by the phones' processors.

After witnessing a single secure Web transaction transmitted through these signals, attackers could determine the user's encryption key and use it to forge the user's digital signature and access their banking data, among other things.

To remedy the problem, the researchers modified the constant-time algorithm (which ensures that a processor carries out the same sequence of operations for each bit) so the signal corresponding to the conditional swap (one operation carried out for each bit) has the same strength regardless of the value of the bit.

From Georgia Institute of Technology
View Full Article


Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account