Cache & Timing Attacks
Cache-based attacks on CPUs have been around for a number of years, with Spectre and Meltdown being some of the most widely known issues of recent times. These attacks use observable side effects such as execution time or execution order, rather than any flaw in the software itself, to leak secret information.
In 2016 a team from Graz University of Technology showed that cache attacks are possible on unrooted Android smartphones, which means no type of CPU-based digital device is unaffected. Because these attacks rely heavily on statistical analysis and repeated measurement loops against the underlying architecture of a system, faster machines have made cache and timing-based attacks faster and more accessible than ever.
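As an added illustration (not code from the original article) of the "statistical analysis and repeated loops" point, the simulation below shows how an early-exit byte comparison leaks how much of a guess is correct once many noisy timings are averaged, and how a constant-time comparison removes that leak. The secret value, the noise level and the work-count timing model are all constructed for the example; nothing is measured on real hardware.

```python
"""Simulated timing side channel: an early-exit byte compare does more work the
more leading bytes of a guess match, and averaging many noisy 'timings' exposes
it. Timings are simulated with constructed noise, not measured on hardware."""
import hmac
import random
import statistics

SECRET = b"k9x2"  # constructed sample secret

def early_exit_compare(guess, secret):
    """Leaky compare: returns (equal, bytes_examined); the second value is the
    work done and stands in for execution time."""
    if len(guess) != len(secret):
        return False, 0
    work = 0
    for g, s in zip(guess, secret):
        work += 1
        if g != s:
            return False, work
    return True, work

def constant_time_compare(guess, secret):
    """Hardened compare: hmac.compare_digest examines every byte, so the work
    is the full length whether the inputs match or not."""
    return hmac.compare_digest(guess, secret), len(secret)

def mean_timing(compare, guess, samples, rng, noise_sd=3.0):
    """Average of `samples` simulated timings: work units plus Gaussian noise.
    One sample is useless (noise_sd > the 1-unit signal); the mean is not."""
    _, work = compare(guess, SECRET)
    return statistics.fmean(work + rng.gauss(0.0, noise_sd) for _ in range(samples))

def prefix_leak(compare, samples=4000, seed=1):
    """Mean simulated timing for guesses sharing 0..len(SECRET) leading bytes
    with the secret and wrong everywhere else. A rising sequence means the
    comparison leaks how much of the guess is correct."""
    rng = random.Random(seed)
    means = []
    for k in range(len(SECRET) + 1):
        guess = SECRET[:k] + bytes(b ^ 0xFF for b in SECRET[k:])
        means.append(mean_timing(compare, guess, samples, rng))
    return means

def leak_spread(compare):
    """Slowest minus fastest mean: a simple check that is near zero only when
    the comparison's work does not depend on the input."""
    means = prefix_leak(compare)
    return max(means) - min(means)
```

Running `prefix_leak` on your own comparison routine is a cheap regression check: the means should stay flat for anything that handles secrets.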
Power Monitoring Attacks
Every digital device uses power, and every time a bit is switched between 0 and 1 the power draw varies slightly. This forms the basis of most power monitoring attacks. More sophisticated attacks can be used to retrieve cryptographic keys from devices, but with the advent of the Internet of Things (IoT), many households now have relatively insecure devices with default passwords installed on their home networks. Even encrypted IoT devices can be identified by their power use signatures, and once an attacker knows what devices you have installed, they potentially have a route into your home network.
Smart meters are also an issue for an increasing number of users. Often, they collect such fine-grained data that they can tell if you’re boiling a kettle — or taking a shower. Combined with another power monitoring attack, one that reveals the encryption key of SIM cards (which all smart meters have), an attacker could monitor your home remotely, and ultimately find a way onto your home network. A malicious attacker could also bump up your bill, or know if you’re away.
IoT-leveraged network attacks are something that users need to be aware of: many offices have insecure IoT cameras with poor encryption and/or easily discovered default passwords. Power analysis is just one of the ways an attacker could identify the model of IP camera, and a few seconds later be shoulder surfing passwords, account details, the usual times for the office to be empty, and more — one of the simplest types of optical side channel attack.
Sources: medium.com
Edited by Mario Vulcano
13 July 2021 at 23:03
Here’s a related article which may be of interest to your readers. Strictly speaking, probably not a side channel attack, but it does highlight a cell phone attack vector most of us don’t normally consider – the network switching and control software which manages base stations and their connections into the PSTN (Public Switched Telephone Network).
During the 2004 prep for the Olympic Games, someone mounted a sophisticated attack against cell service provider Vodafone Greece by adding some extra code to that software build. It cleverly routed audio from selected cell customers to an unidentified handset, presumably for recording. The target list included the Greek Prime Minister, a number of senior government and military officials, and at least one employee of the U.S. Embassy.
The attack went undetected until 2005 when a software patch caused some text messages to be dropped. Its discovery had all the makings of a good spy story as engineers, supposedly in a hurry to restore service, erased logs and removed the malware. And a young Greek engineer with the company was found dead of an apparent suicide shortly after the malware’s discovery. The attack’s sophistication pointed to a nation state intelligence service. However, with most of the evidence gone, the perpetrator was never identified.
More details are available in the June 2007 IEEE Spectrum article “The Athens Affair” [1].
——————————–
1. Prevelakis and Spinellis, “The Athens Affair”, IEEE Spectrum online, 29 June 2007, https://spectrum.ieee.org/telecom/security/the-athens-affair