How to Steal Secret Encryption Keys from Android and iOS SmartPhones

Unlike desktops, your mobile devices carry all sorts of information from your personal emails to your sensitive financial details. And due to this, the hackers have shifted their interest to the mobile platform.

Every week new exploits are discovered for iOS and Android platform, most of the times separately, but the recently discovered exploit targets both Android as well as iOS devices.

A team of security researchers from Tel Aviv University, Technion and The University of Adelaide has devised an attack to steal cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other highly sensitive services from Android and iOS devices.

The team is the same group of researchers who had experimented a number of different hacks to extract data from computers. Last month, the team demonstrated how to steal sensitive data from a target air-gapped computer located in another room.

Past years, the team also demonstrated how to extract secret decryption keys from computers using just a radio receiver and a piece of pita bread, and how to extract the cryptographic key just by solely touching the chassis of the computer.

Side-Channel Attacks

According to the researchers, the recent exploit is a non-invasive Side-Channel Attack: Attack that extracts the secret crypto key from a system by analyzing the pattern of memory utilization or the electromagnetic outputs of the device that are emitted during the decryption process.

The exploit works against the Elliptic Curve Digital Signature Algorithm (ECDSA), a standard digital signature algorithm that is most widely used in many applications like Bitcoin wallets and Apple Pay and is faster than several other cryptosystems.

How to Steal Secret Encryption Keys?

During the experimental hack, the researchers placed a $2 magnetic probe near an iPhone 4 when the phone was performing cryptographic operations.

While performing cryptographic operations, the security researchers measured enough electromagnetic emanations and were able to fully extract the secret key used to authenticate the end user's sensitive data and financial transactions.

The same hack can be performed using an improvised USB adapter connected to the phone's USB cable, and a USB sound card to capture the signal.

"Using such measurements, we were able to fully extract secret signing keys from OpenSSL and CoreBitcoin running on iOS devices," the researchers wrote in a blog post published Wednesday. "We also showed partial key leakage from OpenSSL running on Android and from iOS's CommonCrypto."

The researchers also experimented their exploit on a Sony-Ericsson Xperia X10 Phone running Android and said they believe such an attack is feasible.

The security researchers also cited a recent independent research by a separate team of security researchers that discovered a similar Side-Channel flaw in Android's version of the BouncyCastle crypto library, making the device vulnerable to intrusive electromagnetic key extraction attacks.

Currently, the hack requires an attacker to have physical control of, or, at least, a probe or cable in proximity to, a vulnerable mobile device as long as it performed enough tasks to measure a few thousand of ECDSA signatures.

Affected Devices

Older iOS versions 7.1.2 through 8.3 are vulnerable to the side-channel attack. The current iOS 9.x version includes defenses against side-channel attacks, so are unaffected.

However, nothing can save iPhone and iPad users even running current iOS versions if they are using vulnerable apps. One such vulnerable iOS app is CoreBitcoin that is used to protect Bitcoin wallets on iPhones and iPads.

Developers of CoreBitcoin told the security researchers that they are planning to replace their current crypto library with one that is not susceptible to the key extraction attack. Meanwhile, the recent version of Bitcoin Core is not vulnerable.

Both OpenSSL versions 1.0.x and 1.1.x are vulnerable except when compiled for x86-64 processors with the non-default option enabled or when running a special option available for ARM CPUs.

The team has already reported the vulnerability to the maintainers of OpenSSL, who said that hardware side-channel attacks are not a part of their threat model.

For in-depth technical details, you can read the full research paper [PDF].