Encryption securing money transfers on mobile phones can be broken

eBook: The DevOps Roadmap for Security - Tips and tools for bridging the security tribe into DevOps. Download →

A group of researchers has proved that it is possible to break the encryption used by many mobile payment apps by simply measuring and analysing the electromagnetic radiation emanating from smartphones.

“We show that modern cryptographic software on mobile phones, implementing the ECDSA digital signature algorithm, may inadvertently expose its secret keys through physical side channels: electromagnetic radiation and power consumption which fluctuate in a way that depends on secret information during the cryptographic computation,” the researchers noted.

The attack can be performed easily and cheaply.

“An attacker can non-invasively measure these physical effects using a $2 magnetic probe held in proximity to the device, or an improvised USB adapter connected to the phone’s USB cable, and a USB sound card. Using such measurements, we were able to fully extract secret signing keys from OpenSSL and CoreBitcoin running on iOS devices. We also showed partial key leakage from OpenSSL running on Android and from iOS’s CommonCrypto.”

Breaking mobile payment encryption

ECDSA (Elliptic Curve Digital Signature Algorithm) is used in many popular apps such as Bitcoin wallets and Apple Pay, and that’s why the researchers wanted to see if such an attack was possible. The challenge they took on was particularly hard, as ECDSA signatures are randomized.

“Our methodology includes physical signal acquisition from mobile devices (phones and tablet), signal processing for signal extraction and enhancement using Singular Spectrum Analysis, and a lattice-based algorithm for recovering the secret signing key by aggregating partial information learned from many randomized signing operations,” they explained.

As mentioned before, the attack can be performed cheaply as it doesn’t require any pricy and difficult-to-get equipment – quite the opposite, in fact.

“Small loops of wire acting as EM probes can be easily concealed inside various objects that come in proximity with mobile devices, such as tabletops and phone cases. The phone’s power consumption can be easily monitored by augmenting an aftermarket charger, external battery or battery case with the requisite equipment,” they noted.

When Check Point announced the release of this research (most of the researchers involved are from the Check Point Institute for Information Security at Tel Aviv University) a commenter expressed his doubts about whether this attack can be effectively mounted in a real-world scenario.

“‘Acoustic emanations’ and longer-range measurements, especially ‘across walls’ are useless in an environment with ambient noise or other smartphone users (a cafe). Unless your target is isolated in a room free of electromagnetic radiation and ambient sound, you would need to be right on top of them to take a measurement,” he opined.

But Eran Tromer, one of the researchers, assured him that’s not true. “We conducted these electromagnetic attacks in a crowded lab environment with dozens of electronic devices running in the same room (cellphones, laptops, dekstops and assorted lab equipment). Likewise, the acoustic attacks you allude to were done in a noisy lab/office environment,” he said.

The researchers have, of course, notified the developers of the vulnerable libraries about their research.

More details about the attack can be found on this webpage and in this paper.