Security researchers have successfully designed a new attack method to steal keys from Android and iOS Mobile Phones.

Security researchers have successfully designed a new attack method to steal keys from Android and iOS Mobile Phones.

Existing security researchers have successfully designed an attack method to obtain encryption keys, Apple Pay accounts, and other high-value asset information on Android and IOS devices.
For password decryption, it uses non-intrusive edge channel attacks. This encryption system is widely used to combat the elliptic curve digital signature algorithm because it is faster than many other encryption algorithms. By placing a detector near a mobile device that is performing encryption operations, attackers can detect sufficient electromagnetic radiation information, the radiation information can completely restore user data and capital transaction information (this can also be done through the USB charging data cable ).
"An attacker can use a magnetic probe (which can be purchased at $2) to detect physical effect information from the device in non-intrusive ways, or connect to the USB interface of the mobile phone and the USB sound card through the USB data cable." A security researcher wrote this on his blog on Wednesday. "In this way, we can completely extract the signature keys running on OpenSSL and CoreBitcoin on IOS devices. We can also obtain some key information after OpenSSL and iOS public password encryption on Android devices ."
　　

The figure shows an attack using an iPhone 4 charging interface.
After security researchers stop extracting key information from a Sony-Ericsson Xperia x10 mobile phone running Android, they say they believe this attack method is feasible. They also cited a research report on the Android BouncyCastle encryption Library released by an independent team.
　　

This problem exists in earlier versions of iOS from 7.1.2 to 8.3. This vulnerability does not exist in the current 9.x version because the system has added a security protection against edge channel attacks. However, even users of the latest version are still at the edge of Information Leakage threats as long as they use apps that are vulnerable to this attack. For example, iOS APP-CoreBitcoin (CorBitcoin is used to protect the iPhone and iPad's Bitcoin wallet ). Because it uses its own private encryption method instead of using the iOS public encryption library, this causes the password to be extracted. CoreBitcoin developers told researchers that they intend to use this attack method to replace the encryption method currently in use. This vulnerability is not affected in the latest CoreBitcoin application version.
In the OpenSSL code library, versions 1.0.x and 1.1.x are still affected by this vulnerability, except in one case, this vulnerability does not affect the use of non-default methods in the x-86-64 compiler or OpenSSL compiled in the arm cpu with special options. The security researcher said that after they submitted the Security Report to the OpenSSL maintenance personnel, the maintenance personnel informed them that the hardware side-channel attack method is not within the scope of their threat model. Click here for the complete study report.
Researchers from Tel Aviv University, Technion and Adelaid University recently published a separate article describing how to use a standard notebook (even if the notebook is in the next room) extracts the encryption key of the elliptic curve digital signature algorithm. The attack only takes a few seconds to obtain the key. Separating edge channel attacks against RSA keys was successfully implemented in 2013. There is still a difference between edge channel attacks and mobile phone attacks. The separation confrontation relies on the electronic information emitted by sound instead of electromagnetic leakage or energy consumption information.
So far, this attack method requires an attacker to be at a proper distance from a mobile device with the vulnerability to detect and obtain "many algorithm signature information ". The attack time depends on the specific target application. This makes it difficult to implement the attack method in actual situations. As long as the device user checks the USB interface before inserting the data cable to see if there is a probe near the phone device ."
So far, it is very difficult to avoid this attack, because the data line interface and the probe are difficult for users to distinguish clearly. As shown in the following figure, you can hide the probe under the table. Over time, researchers may design new methods to obtain data information from remote detection. Although this does not constitute a real-time threat to end users, end users should pay attention to these issues. Currently, security researchers have worked with vendors to help them evaluate specific software and mitigate the threat that the attack method poses to users.