Cache & Timing Attacks

Cache-based attacks on CPUs have been around for a number of years, with Spectre and Meltdown being some of the most widely known issues of recent times. These attacks use things like execution times or execution order to leak secret information.

In 2016 a team from Graz University of Technology proved that cache attacks are possible on un-rooted Android smartphones, leaving no type of CPU-based digital device unaffected. Because these attacks rely heavily on statistical analysis and repeated loops to attack the underlying architecture of a system, faster machines have made cache and timing-based attacks faster and more accessible than ever.
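The timing half of this section, as an added example that is not code from the article: an early-exit comparison whose work depends on how many leading bytes of a guess are correct, next to a constant-time version that does the same work for every input. Loop iterations stand in for execution time so the result is deterministic; SECRET, the function names and the step counter are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_LEN 8
/* Constructed sample secret (for example an authentication tag); not from the article. */
static const uint8_t SECRET[TAG_LEN] = {0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x48, 0xbd, 0x16};

typedef int (*cmp_fn)(const uint8_t *, const uint8_t *, size_t, size_t *);

/* Leaky: returns at the first mismatching byte, so the work done (and the
   run time) grows with the length of the correct prefix. */
int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps) {
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;                 /* deterministic stand-in for elapsed time */
        if (a[i] != b[i]) return 0;
    }
    return 1;
}

/* Hardened: visits all n bytes and ORs the differences together, so the
   work is independent of where (or whether) the inputs differ. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps) {
    volatile uint8_t diff = 0;      /* volatile discourages an early-exit optimisation */
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff = (uint8_t)(diff | (a[i] ^ b[i]));
    }
    return diff == 0;
}

/* Steps spent comparing SECRET with a guess whose first `matching` bytes are right. */
size_t steps_for_prefix(cmp_fn cmp, size_t matching) {
    uint8_t guess[TAG_LEN];
    size_t steps = 0;
    memcpy(guess, SECRET, TAG_LEN);
    for (size_t i = matching; i < TAG_LEN; i++) guess[i] ^= 0xFF;
    (void)cmp(SECRET, guess, TAG_LEN, &steps);
    return steps;
}

int main(void) {
    puts("matching  leaky  constant");
    for (size_t m = 0; m <= TAG_LEN; m++)
        printf("%8zu  %5zu  %8zu\n", m, steps_for_prefix(leaky_equal, m), steps_for_prefix(ct_equal, m));
    return 0;
}
```

On real hardware the per-call difference is tiny and noisy, which is why the attacks described above depend on repeated loops and statistical analysis; the constant-time form removes the data-dependent signal rather than hiding it.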

Power Monitoring Attacks

Every digital device uses power, and as every 0 or 1 is switched, the power varies. This forms the basis of most power monitoring attacks. More sophisticated attacks can be used to retrieve cryptographic keys from devices, but with the advent of the Internet of Things (IoT), many households now have relatively insecure devices with default passwords installed on their home networks. Even encrypted IoT devices can be identified by their power-use signatures, and once an attacker knows what devices you have installed, they potentially have a route into your home network.

Smart meters are also an issue for an increasing number of users. Often, they collect such fine-grained data that they can tell if you’re boiling a kettle — or taking a shower. Combined with another power monitoring attack, one that reveals the encryption key of SIM cards (which all smart meters have), an attacker could monitor your home remotely, and ultimately find a way onto your home network. A malicious attacker could also bump up your bill, or know if you’re away.

IoT-leveraged network attacks are something that users need to be aware of. Many offices have insecure IoT cameras with poor encryption and/or easily discovered default passwords. Power analysis is just one of the ways that an attacker could identify the model of IP camera, and a few seconds later be shoulder surfing passwords, account details, usual times for the office to be empty, and more. This is one of the simplest types of optical side-channel attacks.

Sources: medium.com
Edited by Mario Vulcano