09 July 2020

What Is a Side-Channel Attack? How Hackers Crack Security Without Touching It


When you think of hackers, you may imagine the Hollywood-style expert who tries to break through a computer’s defenses. However, a side-channel attack lets a hacker extract information from a device without ever touching the system’s security mechanisms.

Let’s take a look at what a side-channel attack is and what it means to you.

What Is a Side-Channel Attack?

Let’s say you live with a housemate who calls someone every so often. To do this, they use a landline phone with physical buttons. Your housemate is very secretive about whom they’re calling, but you’re curious.

You could watch them dial the number, but what if you didn’t need to? What if you could instead work out the number by monitoring non-visual signals, and how would you go about doing that?

One solution is listening to the tone the phone makes each time your housemate presses a key. Because each key produces a different tone, you can reverse-engineer the sounds to figure out which key was pressed.

You may be able to measure the time it takes for your housemate to move their finger from one key to an adjacent one. Then, when your housemate dials the number, you measure the time gap between each press.

If the gap matches your measurement, the number they just pressed was adjacent to the last one. A longer delay means the next number isn’t adjacent, while two rapid taps signal the same number pressed twice. You can then compute all the possible numbers that fit the timing pattern and use that data to work out whose number it might be.

You could learn what each key sounds like when pressed. Perhaps the three key has a heavier “clunk” to it, and the nine key emits a slight squeak. When your housemate dials the number, you monitor the noises and work out what was dialed.

These methods are all examples of a “side-channel attack”: a way of extracting data without directly breaking into the device. This may seem extreme, but computer side-channel attacks go far deeper than listening to button presses!

Different Kinds of Side-Channel Attacks

Now that we know how a side-channel attack works, let’s take a look at some different categories of attack that hackers can use.

Uncovering Algorithms With Timing Attacks

First, timing attacks analyze the amount of time it takes for a process to complete. This is similar to counting your housemate’s dialing time and comparing it to what you know.

The hacker feeds the algorithm different inputs and watches how long it takes to process each one. From this data, they can work out which candidate algorithms (or which candidate secrets) match the timing measurements and narrow down the answer.

In a video demonstration, Joe Grand builds a device with a four-button combination lock. After the code is entered, the device compares the first part of the user’s input with the first part of the correct code. If it’s right, it compares the second press with the combination, and so on. If it’s wrong, the device immediately stops processing.

As a result, if you test all four buttons as the first input, the correct one will take slightly longer to process. Incorrect entries cause only one comparison to happen, as the device stops immediately after the first one. However, a correct first entry will cause the device to move onto the second one, which takes longer.

Once you know what the first button is, you can then try combining it with each possible second entry, then the third one, etc. As long as you keep the entry that takes the longest to process, you’ll eventually discover the code.
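The lock logic described above, as an added example that is not part of the original article or Joe Grand’s own code: the early-exit comparison is modelled with a step counter standing in for the measurable processing time, a defender-side check shows that the work done depends on which first digit was guessed, and a constant-time comparison (`hmac.compare_digest`) removes the leak. Secret code, button set and filler digit are constructed values.

```python
import hmac


def early_exit_compare(guess: str, secret: str) -> tuple[bool, int]:
    """Vulnerable lock logic: compare digit by digit and stop at the first mismatch.

    Returns (match, number of digit comparisons performed). The step count stands
    in for the processing time an observer could measure on the real device.
    """
    steps = 0
    for g, s in zip(guess, secret):
        steps += 1
        if g != s:
            return False, steps
    return len(guess) == len(secret), steps


def constant_time_compare(guess: str, secret: str) -> tuple[bool, int]:
    """Hardened lock logic: hmac.compare_digest runs in time that does not depend
    on where the inputs differ, so every guess costs the same amount of work."""
    return hmac.compare_digest(guess.encode(), secret.encode()), len(secret)


def leak_profile(compare, secret: str, buttons: str = "1234") -> dict[str, int]:
    """Defender's check: try each button as the first digit (padded with a filler
    digit that is not a button) and record how much work each guess caused."""
    filler = "0" * (len(secret) - 1)
    return {b: compare(b + filler, secret)[1] for b in buttons}


def leaks_timing(compare, secret: str, buttons: str = "1234") -> bool:
    """True if different first-digit guesses produce different amounts of work,
    which is exactly the signal a timing attack relies on."""
    return len(set(leak_profile(compare, secret, buttons).values())) > 1


if __name__ == "__main__":
    code = "3142"  # constructed four-button combination
    print("early-exit profile:", leak_profile(early_exit_compare, code))
    print("early-exit leaks:", leaks_timing(early_exit_compare, code))
    print("constant-time profile:", leak_profile(constant_time_compare, code))
    print("constant-time leaks:", leaks_timing(constant_time_compare, code))
```

With the early-exit comparator the correct first digit is the only guess that costs two steps, which is the difference the article describes; with the constant-time comparator every guess costs the same.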

Timing attacks were a major part of the Meltdown exploit. It measured how quickly data could be read back from the processor’s cache and used those timing differences to reconstruct data it was not supposed to be able to read.

Checking Processor Usage Via Power Analysis

A hacker may monitor how much power a component is using to see what it’s doing. If a component is using more power than normal, it’s probably computing something important; when it consumes less, it’s probably moving to the next computational phase.

A hacker could even use power signatures to see what data is being sent. For example, AnySilicon shows a power chart that reveals a component sending binary data: a small bump in power is a zero, while a taller bump is a one.

Listening Out for Clues With Acoustic Analysis

Acoustic analysis is when a hacker listens to audio patterns coming from a device and uses the results to piece together information. In the above phone example, listening to the dial tone or button-presses would be an acoustic attack.

There have been a few studies that test the feasibility of an acoustic attack. One study listened to the sound of a printer to gauge what was being printed and achieved a 72 percent accuracy rate. This shot up to 95 percent if the attacker roughly knows what the document is about.

Another study, called SonarSnoop, turned phones into sonar devices. The phone emits a sound inaudible to human ears through its speaker and records the echo via the microphone. The sonar echo reveals where the victim’s finger is on the screen while they draw their unlock pattern, and therefore how to unlock the phone.

Monitoring Background Waves With Electromagnetic Analysis

Electromagnetic (EM) analysis monitors the waves given off by devices. From this information, an attacker can decipher what the device is doing. At the very least, you can tell if a device is nearby; for example, you can use a phone to find hidden surveillance cameras by finding their EM waves.

There’s also a study that looks at IoT devices and their EM emissions. The theory is that forensic teams can monitor suspect devices without needing to hack into them. This is important, as it allows law enforcement to monitor suspicious activity without leaving a trace.

How to Protect Yourself From Side-Channel Attacks

Unfortunately, there’s no easy way to make your PC invulnerable to side-channel attacks. As long as it uses power, emits radiation, and creates sound during operation, it’s ripe for a hacker to analyze.

However, what you can do is stop a hacker from performing the attack in the first place. Take the SonarSnoop program that can detect login patterns on phones. If it were in the wild, it would likely use the same distribution channels as any other piece of malware: hidden in malicious apps and programs, waiting for someone to download it.

As such, while you can’t prevent your devices from emitting telltale signals, you can prevent the installation of software programmed to monitor said signals. Keep your anti-virus tools up-to-date and practice good cybersecurity hygiene and you should be fine.

Keeping Your Hardware Safe

Side-channel attacks are scary, as they prove that attacks can occur without your knowledge. However, you can do your part to prevent hackers from gaining a foothold on your system and monitoring it for private information.

If you want to take further steps to keep your hardware safe, why not secure your computer to protect it from theft?
