Communications of the ACM

Home/News/Researchers Discover Vulnerability in Widely-Used.../Full Text

ACM TechNews

Researchers Discover Vulnerability in Widely-Used Method for Securing Phone Data

By Georgia Institute of Technology
September 28, 2021
Comments

View as: Print Mobile App Share:

The researchers monitored radio waves emitted by the phones' processors with an oscilloscope. — Georgia Institute of Technology computer science professor Milos Prvulovic said the attack was so effective that researchers only needed to listen in on a single secure transaction to steal a phones secret key.

Credit: Milos Prvulovic

Researchers at the Georgia Institute of Technology have demonstrated how an attack on low-end Android phones targets a standard encryption process.

The researchers placed a radio sensor within a few centimeters of a ZTE Zfive handset and an Alcatel Ideal handset and showed that the sensor could detect the weak radio waves emitted by the phones' processors.

After witnessing a single secure Web transaction transmitted through these signals, attackers could determine the user's encryption key and use it to forge the user's digital signature and access their banking data, among other things.

To remedy the problem, the researchers modified the constant-time algorithm (which ensures that a processor carries out the same sequence of operations for each bit) so the signal corresponding to the conditional swap (one operation carried out for each bit) has the same strength regardless of the value of the bit.

From Georgia Institute of Technology
View Full Article

No entries found

Researchers Discover Vulnerability in Widely-Used Method for Securing Phone Data

Cat Qubit Error Correction Architecture

Autocorrect Is Not: People Are Multilingual and Computer Science Should Be Too

The Role of Autonomous Machine Computing in Shaping the Autonomy Economy