Electromagnetic emissions from smartphones analyzed for security vulnerability

Researchers at Universidad Carlos III de Madrid (UC3M) and the Consejo Superior de Investigaciones Científicas-CSIC (Spanish National Research Council) are developing a tool that enables cell phones to be analyzed in order to determine if they could undergo a cyber-attack to obtain encryption keys through their electromagnetic emanations.

This platform, whose objective is to improve smartphone security and that of other electronic devices, was recently presented in Canada in an international conference on security and privacy on the Internet of Things (Workshop on Security and Privacy on Internet of Things).

This research focuses on “lateral movement attacks,” which happen when “someone tries to take advantage of a circumstance (in this case, any electric current producing a magnetic field) for illicit purposes (in this case, the attacker tries to extract the private password from the encryption, to which he theoretically should not have access),” explained one of the researchers, José María de Fuentes, UC3M Computer Security Lab (COSEC).

Traditionally, they tried to attack the encrypted algorithm, that is, the process to protect data, which normally has a complicated mathematical base. Later, this type of lateral movement attacks have been developed to seek other ways of breaching security without having to “break” the math upon which it is based. “When the devices are on, they use energy and generate electromagnetic fields. We try to capture their traces to obtain the encryption key and at the same time, decipher the data,” explained another of the researchers, Lorena González, who is also from the UC3M COSEC.

Digital vulnerability

“We want to make it known that these type of devices have vulnerabilities, because if an adversary attacks them, that is, if someone calculates the password that you are using on your cell phone, it will make you vulnerable, and your data will no longer be private,” affirmed one of the other researchers, Luis Hernández Encinas. Hernández Encinas is from CSIC’s Instituto de Tecnologías Físicas y de la Información — ITEFI (Institute for Physical and Information Technologies).

The basic aim of this research is to detect and make known the vulnerabilities of electronic devices and that of their chips, so that software and hardware developers can implement appropriate countermeasures to protect user security. “Our work then will be to verify is this has been carried out correctly and try to attack again to check it there is any other type of vulnerabilities,” added Hernández Encinas.

The most relevant aspect of the project, according to the researchers, is that an architecture and work environment is being develop in which this type of lateral movement attacks can continue to be explored. In fact, it is possible to extract encrypted information from other data, such as variations in temperature of the device, the power consumption, and the time it takes a chip to process a calculation.

This research has been carried out in the framework of CIBERDINE (Cybersecurity: Data, Information, Risks), a R+D+i program funded by the Consejería de Educación, Cultura y Deporte (Board of Education, Culture and Sport) of the Madrid Autonomous Region and by Structural Funds from the European Union.. Its main objective is to develop technological tools aimed at making cyberspace a safe, secure and trustworthy environment for public administrations, citizens and companies. For that purpose, this research pursues three broad areas: massive analysis of data networks, cooperative cybersecurity and support systems for decision making in this area.