What is Side-Channel Attack (SCA)?

When you think of hackers, you can imagine people who are good at Hollywood-style computers, who are trying to defeat their computer defenses. However, Side-Channel Attack allows a hacker to extract information from a device without touching the security of the system.

Let's take a look at what Side-Channel Attack is and what it means to you.

What is Side-Channel Attack (SCA)?

ide-Channel Attack allows hackers to extract information without interfering with the device

Let's say you live with a friend who calls someone often. To do this, they use landlines with physical buttons. That roommate is very secretive about the person being called, but this makes you extremely curious.

You can keep track of when the person is dialing, but there is a way you can avoid doing so. Somehow, you can get the number that person calls by tracking the signals in a non-intuitive way. How would you do it?

One solution is to listen for dial tones whenever the friend presses the key. Because each key makes a different sound, you can change the sound from the sound to the corresponding key pressed.

You can also measure the time it takes for a person to move a finger from one key to an adjacent key. Then, when that friend dials, calculate the time between each keystroke.

If that time is equal to the time it takes for a finger to move from one key to an adjacent key, then the number of people that have just pressed lies adjacent to the nearest number. A longer delay means that the next number is not adjacent, while two quick presses signal the same number to be pressed twice. You can then calculate all the numbers that match the time pattern and use the data to find out which number it could be.

You can find out how each key sounds when pressed. For example, the number 3 key has a heavier sound and the number 9 button makes a slight hiss When your roommate dials, you can monitor the noise and find out what numbers have been dialed.

These methods determine what is a Side-Channel Attack attack. This is a way of extracting data without directly entering the device. In fact, side-channel attacks with computers need to go much deeper than listening for pressing a button!

Types of Side-Channel Attack

There are many types of Side-Channel Attack attacks

Now that you know how a side channel attack works, let's take a look at some of the different types of attacks that hackers can use.

Discover the algorithm with Timing Attack

First, Timing Attack attacks analyze the amount of time it takes for a process to complete. This is similar to counting roommates' dial times and comparing it to what you know above.

Hackers will give algorithms different inputs and see how long this process takes to process. From this data, they can match potential algorithms to match time data and find solutions.

Timing Attack attacks are an important part of the Meltdown exploit flaw, analyze how quickly the cache is read and use the results to read the data for itself.

Check processor usage through the power analysis process

A hacker can track how much energy a component is using to see what it is doing. If a component is using more energy than usual, it can calculate something important. If it consumes less energy, it may be moving to the next calculation stage.

A hacker can even use energy usage characteristics to see what data is sent.

Listen for clues through sound analysis

Sound analysis is when a hacker listens to sound samples coming from a device and uses those results to put information together.

In the phone example above, listening to dial tone or pressing a button is an acoustic attack (an attack based on sound analysis).

There have been a few studies examining the feasibility of an acoustic attack. A study listened to the printer's audio to evaluate what was being printed and achieved an accuracy rate of 72%. The accuracy can be up to 95%, if the attacker roughly knows what the document is about.

Another study, called SonarSnoop, has turned phones into sonar devices (techniques that use sound propagation to find a way to move, communicate or detect other objects). Research has caused the phone to emit inaudible sound to the human ear through speakers and record echoes through the microphone. The sonar's echo will tell the attacker the position of the victim's finger on the screen as they draw the unlock pattern, thereby revealing how to unlock the phone.

Monitor background waves with electromagnetic analysis

Electromagnetic analysis (EM) tracks the waves emitted from the device. From this information, an attacker can decipher what the device is doing. At the very least, you can know if a device is nearby. For example, you can use your phone to find hidden surveillance cameras by looking for their electromagnetic waves.

There is a study of IoT devices and their EM emissions. The theory is that monitoring teams can monitor suspicious devices without having to hack into them. This is very important, as it allows law enforcement to monitor suspicious activity without leaving a trace.

How to protect yourself from Side-Channel Attack attacks

There is no easy way to make a PC invulnerable against Side-Channel Attack attacks

Unfortunately, there is no easy way to make a PC invulnerable against Side-Channel Attack attacks. As long as the PC is using energy, emitting radiation and making sound during operation, it will still be subject to hacker analysis.

However, what you can do is prevent hackers from launching an attack in the first place. Take SonarSnoop, which can detect phone login patterns as an example. This program may have distribution channels like any other malware. It will be found hidden in malicious applications and programs waiting for someone to download.

Thus, although it is not possible to prevent devices from emitting signals, you can prevent the installation of software programmed to monitor the said signals. Keep up-to-date with antivirus tools and practice good network security practices, everything will be fine.