While the government searches for an iPhone backdoor, researchers find another way in
While the news about the dispute between Apple and the FBI rages on, security researchers continue to look for other ways into products, not just the iPhone. But as a prominent device it becomes a big target and deserves extra scrutiny.
The security experts from Israel and Australia decided to test out the electromagnetic radiation emitted by devices, in this case using an iPhone. The results were interesting, though they won't help in the case of phones in the custody of law enforcement.
You'll need a targeted receiver and a dedicated signal-processing computer, so this isn't a simple hack. It takes advantage of what the researchers describe as a "cryptographic algorithm is ECDSA (Elliptic Curve Digital Signature Algorithm), a standard digital signature algorithm used in many applications such as Bitcoin wallets and Apple Pay. Thus, such applications, especially those that rely on vulnerable versions of OpenSSL, CoreBitcoin or iOS, may expose their users to low-cost physical attacks leading to theft of signing credentials and subsequent unauthorized transactions or false authentication".
The researchers found they could sometimes differentiate between two special sorts of arithmetic calculations inside the code used for a specific sort of digital signature -- the ECDSA.
While the research seems to be just a proof of concept, the team points out that "Small loops of wire acting as EM probes can be easily concealed inside various objects that come in proximity with mobile devices, such as tabletops and phone cases. The phone's power consumption can be easily monitored by augmenting an aftermarket charger, external battery or battery case with the requisite equipment. Phone cases which contain an additional battery (and therefore are connected to the phone's charging port) can even be augmented to monitor both channels simultaneously".
There isn't any reason to panic over this if you are carrying an iPhone, the likelihood seems fairly slim, and iOS 9 appeared to be safe. If you're on Android then you are even safer, as the researchers found it required more specialized labgrade equipment to attack. Either way, you can put away that tinfoil hat for now.