Smartphone electromagnetic emissions analysed for security vulnerability

Researchers have developed a platform that analyses electromagnetic emissions from smartphones to check how secure they are.

According to the team of researchers behind the new platform, they focused on “lateral movement attacks” that occur when “someone tries to take advantage of a circumstance (in this case, any electric current producing a magnetic field) for illicit purposes (in this case, the attacker tries to extract the private password from the encryption, to which he theoretically should not have access)”.

When any electronic device is turned on, it uses energy and generates electromagnetic fields. Scientists tried capturing traces of these electromagnetic emissions to obtain the encryption key and, at the same time, decipher the data.

“We want to make it known that these types of devices have vulnerabilities, because if an adversary attacks them, that is, if someone calculates the password that you are using on your cell phone, it will make you vulnerable, and your data will no longer be private,” affirmed one of the other researchers, Luis Hernández Encinas. Hernández Encinas is from CSIC’s Instituto de Tecnologías Físicas y de la Información – ITEFI (Institute for Physical and Information Technologies).

The basic aim of this research is to detect and make known the vulnerabilities of electronic devices and of their chips, so that software and hardware developers can implement appropriate countermeasures to protect user security. “Our work then will be to verify if this has been carried out correctly and try to attack again to check if there is any other type of vulnerabilities,” added Hernández Encinas.

The most relevant aspect of the project, according to the researchers, is that an architecture and work environment is being developed in which this type of lateral movement attack (more commonly known in the security literature as a side-channel attack) can continue to be explored. In fact, it is possible to extract encrypted information from other data, such as variations in temperature of the device, the power consumption, and the time it takes a chip to process a calculation.