Published by on
Mô tả:
At the security conference RSA computer last week, Gary Kenworthy from Cryptography Research has brought an iPod Touch to the stage and broke through a radio antenna 3 meters away.
The microprocessor in the smart phone and tablet leak radio signals, the signal will reflect back the encryption keys used to protect sensitive data.
At the security conference RSA computer last week, Gary Kenworthy from Cryptography Research has brought an iPod Touch to the stage and broke through a radio antenna 3 meters away. The signals through the selected antenna, routed through an amplifier and computer software, has revealed the secret key used by an application running on the device data encryption. For example, an intruder access to this key can use it to impersonate the device from which he stole, then access the e-mail on a server perfectly. The antenna has found radio signals leaked from the transistors on a chip inside the phone perform encryption computation. The transistor leakage signals when they are active, so the pattern of the signal from one chip to provide information for an eavesdropper on which chips are made. When Kenworthy adjust their equipment in place, a clear pattern, the popularity of the peaks and troughs appear on the computer screen. They can be seen under two types of small or large, and they interact directly with the sequence number generated encryption key, a string of 1s and 0s. "The antenna is not designed to be used in this work, it sits in storage for years and has even bent." Kenworthy - a key engineer at Cryptography Research. Kenworthy and Banjamin Jun - chief technology officer of Cryptography Research has also demonstrated how a wire loop to be brought back nearly 2 smartphone can get their secret key. Signals from HTC Evo 4G is a direct copy of the key devices and are used as part of a common encryption called RSA. Researchers need a complex statistical analysis to be able to get the key from the other HTC devices and equipment used as part of a program called AES encryption. Jun said that all the equipment you are testing company found out what kind of signal may reflect the key, although the different devices require different technical eavesdropping. While some devices are easily vulnerable to attack a remote action (eg iPod), the HTC devices as it requires the attacker approached. But this may be the fact, if the recipient does not contact use to collect payments from your phone with NFC chips are modified intruder. NFC chips are expected to be populated with the smart phone in the next few months as Google and other companies to develop the payment system via mobile phones are not exposed. These applications are used in the proofs of May and Kenworthy are they designed himself, because it did not occur during the application of other companies. But researchers have found that they can eavesdrop on the key code or any software application or a personal mobile, Jun said. Details of the vulnerabilities discovered has not been provided to the manufacturers handsets. "We have warned all manufacturers and provide phone, now it will be a lot of work to do. I can not give names, but I can say that we are working with manufacturers smart phones and tablet reputation. " Modify hardware or software of a mobile device can obscure the signal that an eavesdropper can get. Many credit card reader wireless use such countermeasures, Jun said. For smart phones and tablet, the upgrading of the software division operation using cryptographic keys into several parts and then combining them can protect existing equipment without changing the hard. But how should the cost. The company required more in terms of performance, a chip do more work. This also means that more power consumption, this may discourage some developers - those who do not want to waste their precious battery life. |
(As tapchibcvt)
Thứ tự sắp xếp:
10