Governments, businesses, private organizations and people in general are doing more each year to address the dangers of cyberattacks. The big problem is, we are always playing catchup! Every time we address one vulnerability in cyber-systems, attackers come up with a fresh way to attack them. One of these vulnerabilities that is enjoying increased attention by the bad guys in recent years is side channel attacks.
In side channel attacks, attackers analyze signals or metadata or video or other kinds of emanations made by devices to deduce what users are typing or what their mouse movements are or what crypto key is being used or lots of other things. It is absolutely fascinating what can be learned by these techniques! In a recent example, a research team from Texas found that they could analyze video calls and deduce what people are typing by mapping their shoulder movements. If you were on a conference call, you might be able to use this technique to determine what people on the other end are chatting about while you talk. Quite a business advantage!
There are many types of side channel attacks, but a lot of them rely on the propensity of electromagnetic signals to propagate. People think that it is easy to stop an electromagnetic signal, but it really is not. Even though signals from keyboards, mice, power systems and the like might be very weak, they can be recovered and amplified easily if you are in the right position. Signals can also go through things like walls and windows, as evinced by cell phone signals.
IoT devices are among the juiciest vectors for side channel attacks. They almost all emit electromagnetic signals, they are connected to the Internet and they are often not properly isolated from internal computer networks. They also often use light weight cryptographic techniques and old, vulnerable operating systems. This makes these devices very tempting targets for cyber-criminals.
So how do we protect our networks and information from side channel attacks? There are many methods that can be employed. One method is stop or dampen electromagnetic signals emitted from the devices, such as by use of a Faraday cage or ultra-low power source. You can also make sure that your private and work areas are protected from peeping and eavesdropping. Another method is to use power line conditioning and filtering to help stop power-monitoring attacks. For cryptographic side channel attacks, you can blur the relationship between the information emitted and the secret data you are trying to protect. My personal advice is to keep yourself abreast of the new side channels and side channel attacks that are emerging and to react immediately and appropriately to protect yourself and your business.