Researcher-devised exploit threatens Bitcoin wallets and other high-value assets. Researchers have devised an attack on Android and iOS devices that successfully steals cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other high-value assets.
The exploit is what cryptographers call a non-invasive side-channel attack. It works against theElliptic Curve Digital Signature Algorithm, a crypto system that’s widely used because it’s faster than many other crypto systems. By placing a probe near a mobile device while it performs cryptographic operations, an attacker can measure enough electromagnetic emanations to fully extract the secret key that authenticates the end user’s data or financial transactions. The same can be done using an adapter connected to the USB charging cable.
“An attacker can non-invasively measure these physical effects using a $2 magnetic probe held in proximity to the device, or an improvised USB adapter connected to the phone’s USB cable, and a USB sound card,” the researchers wrote in a blog post published Wednesday. “Using such measurements, we were able to fully extract secret signing keys from OpenSSL and CoreBitcoin running on iOS devices. We also showed partial key leakage from OpenSSL running on Android and from iOS’s CommonCrypto.”
While the researchers stopped short of fully extracting the key on a Sony-Ericsson Xperia x10 Phone running Android, they said they believe such an attack is feasible. They also cited recently published research by a separate team that found a similar side-channel vulnerability in Android’s version of theBouncyCastle crypto library.
Older versions of iOS—specifically, 7.1.2 through 8.3—appear to be vulnerable. The current 9.x version does not appear to be vulnerable because it added defenses against side-channel attacks. However, users of even current versions of iOS are still at risk when using vulnerable apps. One such vulnerable iOS app is CoreBitcoin, which is used to protect Bitcoin wallets on iPhones and iPads. Because it uses its own cryptographic implementation rather than the iOS CommonCrypto library, it is vulnerable to the key-extraction attack. CoreBitcoin developers told the researchers they plan to replace their current crypto library with one that’s not susceptible to the attack. The latest version of Bitcoin Core, meanwhile, is not vulnerable.
Both the 1.0.x and 1.1.x versions of the OpenSSL code library are also susceptible except when compiled for x-86-64 processors with a non-default option selected or when running a special option available for ARM CPUs. The researchers said they reported the vulnerability to OpenSSL maintainers, and the maintainers said that hardware side-channel attacks aren’t a part of their threat model. The full research paper is here.
Still, averting attacks may sometimes prove difficult, since cables or probes could be disguised to conceal what they’re doing. And as the images in this post demonstrate, probes could be hidden on the underside of a table. It’s also possible that over time, researchers could devise ways to measure the leaks from further distances. For that reason, while the vulnerabilities probably don’t pose an immediate threat to end users, they should nonetheless be a top concern for developers. The researchers have been working with the vendors of the specific software they analyzed to help them evaluate and mitigate the risk to their users.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.
