Researchers at the Georgia Institute of Technology have demonstrated how an attack on low-end Android phones targets a standard encryption process.
The researchers placed a radio sensor within a few centimeters of a ZTE Zfive handset and an Alcatel Ideal handset and showed that the sensor could detect the weak radio waves emitted by the phones' processors.
After witnessing a single secure Web transaction transmitted through these signals, attackers could determine the user's encryption key and use it to forge the user's digital signature and access their banking data, among other things.
To remedy the problem, the researchers modified the constant-time algorithm (which ensures that a processor carries out the same sequence of operations for each bit) so the signal corresponding to the conditional swap (one operation carried out for each bit) has the same strength regardless of the value of the bit.
From Georgia Institute of Technology
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA