Mobile Threat Catalogue

Side-Channel Attack


Threat Category: Physical Access

ID: PHY-5

Threat Description: Side-channel attacks allow adversaries to extract information or perform malicious actions via the implementation of the system itself, rather than algorithmic weaknesses. [1]

Threat Origin

ECDSA Key Extraction from Mobile Devices Via Nonintrusive Physical Side Channels

Exploit Examples

New Attack Steals Secret Crypto Keys from Android and iOS Phones [2]

Evolving differential power analysis targets SIM cards [3]

CVE Examples

Not Applicable

Possible Countermeasures

Mobile Device User

To increase the difficulty of this attack, use devices that implement mitigations in their cryptographic functions against side-channel attacks, such as iOS 9.x and later devices.

Enterprise

To increase the difficulty of this attack, use devices that implement mitigations in their cryptographic functions against side-channel attacks, such as iOS 9.x and later devices.

Avoid the use of apps that may implement their own cryptographic functions without validation that appropriate mitigations against side-channel attacks have been implemented.

Educate users to be mindful of their physical surroundings when using mobile devices, and to report the appearance of unexpected hardware components to IT security immediately.

Educate users to not directly connect their mobile devices to untrusted systems or docking stations, and to maintain strong physical security for innocent components such as USB charging cables.

References

  1. Wikipedia, Side-channel attack; https://en.wikipedia.org/wiki/Side-channel_attack [accessed 12/09/2019] 

  2. D. Goodin, “New Attack Steals Secret Crypto Keys from Android and iOS Phones”, Ars Technica, 3 Mar. 2016; http://arstechnica.com/security/2016/03/new-attack-steals-secret-crypto-keys-from-android-and-ios-phones/ [accessed 8/25/2016] 

  3. “Evolving differential power analysis targets SIM cards,” Rambus, 23 Sept. 2015; https://www.rambus.com/blogs/security-evolving-differential-power-analysis-targets-sim-cards/ [accessed 07/18/2017]