Written By: Pranav Gadde

In this moment, as you’re reading this article, your device may be leaking information about you. The sounds your processor makes when it’s working, the tiny vibrations from your phone’s motors, all can be used to spy on you in ways that seem like science fiction. These are side-channel attacks, ways in which hackers don’t need to break into your devices directly. Rather, your most sensitive information can be seeped away through unintentional signals your technology is constantly broadcasting. This article will cover how these leaked signals can reveal information from your passwords to location, without you even knowing. 

What are Side-Channel Attacks?

Traditional cyber attacks are focused on exploiting software vulnerabilities or tricking users into revealing passwords. Here, side-channel attacks are different, since they take advantage of the physical properties of devices. Every electronic device inadvertently leaks data through various sources: power consumption, electromagnetic radiation, and small sounds. These “side channels” were never intended to carry information, but skilled attackers can use them to their advantage. 

The main feature is that during computation, computers leave out physical traces. For example, when your processor encrypts a file, it draws out different amounts of power based on the data being processed. Even the pattern of LED blinks on a router can reveal information about the websites being served. It attacks these various “fingerprints” hidden in everyday mechanical processes. 

PIN Code Attack 

One of the most prominent ones involves a PIN code theft through reading a smartphone’s motion sensors. When you type on a phone’s screen, the device subtly tilts and vibrates differently with each keystroke. The tiny movements of your hand when tapping different areas of the screen create a unique motion signature, one that machine learning algorithms can learn to recognize. Using this method, researchers have achieved up to 94% accuracy in stealing PIN codes using only accelerometer and gyroscopic data. 

Figure 1

Shows accelerometer and gyroscope readings (X, Y, Z axes) while a phone call took place. It shows how the motion patterns align with different user behaviors, like the various phone calls. 

Source: ResearchGate

This attack requires no special permissions or user interactions, making its implications dangerous. Any app with access to your motion sensors could potentially harvest this data in the background. Once an attacker has acquired your PIN, it can provide access to email accounts, social media platforms, and even banking applications. In December 2023, Apple’s software had a security flaw, allowing hackers to gain full control over a person’s Apple ID and resetting their phone, with only their phone passcode. Fortunately, this was addressed through biometric requirements (not turned on by default), but it highlights the lengths a 4-digit number can go. 

Acoustic Cryptanalysis 

This is the most sci-fi-sounding attack, involving stealing encryption keys through sounds. Different RSA keys have different sound patterns as computers emit high-pitched noises during operation from vibrations in their components. These acoustic forms can leak sensitive information about security-related computations. 

Israeli researchers demonstrated this by placing a smartphone next to a laptop running encryption software. By recording the subtle changes in the computer’s computation sounds, like high-pitched squeaks from capacitors and fan noises, they successfully extracted a full 4096-bit RSA encryption key in just one hour. To put this into perspective, traditional computing methods would’ve taken millions of years to crack the key, whereas this analysis was completed within the time it takes to watch a movie. 

Figure 2

An acoustic cryptanalysis attack setup by the researchers to demonstrate how a smartphone placed near a laptop can decode RSA encryption keys by recording high-frequency sounds from the component of the laptop. 

Source: Tel Aviv Cryptography Research

The IoT Threat 

This problem is far wider than just smartphones. Smart watches, fitness trackers, and IoT devices create new attack vectors daily. Your fitness tracker collects more than just how many steps you’ve taken; it can reveal the layout of your home, your work schedule, and even identify secure locations. For this reason, military personnel have been banned from wearing fitness trackers in secure areas, since data from these devices has been previously used to map secret military bases worldwide. =

Furthermore, modern attacks don’t rely on a single sensor. They combine data from accelerometers, gyroscopes, and microphones, allowing attackers to create incredibly accurate learning models. Fusing these together is similar to collecting multiple witnesses who saw a crime, and then a news report putting them together to provide a clear image in an article. 

Future of Side-Channeling 

As devices become more connected and sensor-oriented, the possibilities for attack only increase. Integration of AI and machine learning has made these attacks more accurate and more difficult to detect. What once required highly specialized equipment can now be replicated using consumer devices and freely available machine learning frameworks. Despite this, the chance of your keystrokes on your computer being listened to right now is relatively low. Due to the close proximity and time-intensive nature of the targeted device, these attacks are typically carried out against specific high-value targets. 

Conclusion

Side-channel attacks are a fundamental shift in cybersecurity methodologies. By exploiting the simple physics of computation, devices’ private information can be rapidly transferred. These attacks demonstrate that security goes beyond traditional security vulnerabilities, but encrypting data digitally and physically. The devices designed to ease our lives are capturing patterns every step of the way, even if unwanted. So the next time your laptop’s fan starts spinning or your phone vibrates, there may be a little more than a buzz. 

References

1. Genkin, D., Shamir, A., & Tromer, E. (2014). RSA key extraction via low-bandwidth acoustic cryptanalysis. Proceedings of CRYPTO 2014, Part I, LNCS 8616, 444-461. Springer.

1. Genkin, D., Shamir, A., & Tromer, E. (2016). Acoustic cryptanalysis. Journal of Cryptology, 29(2), 392-443.

1. Aviv, A. J., Sapp, B., Blaze, M., & Smith, J. M. (2012). Practicality of accelerometer side channels on smartphones. Proceedings of the 28th Annual Computer Security Applications Conference, 41-50.

1. Mehrnezhad, M., Toreini, E., Shahandashti, S. F., & Hao, F. (2016). TouchSignatures: identification of user touch actions and PINs based on mobile sensor data via JavaScript. Journal of Information Security and Applications, 26, 23-38.

1. Simon, L., & Anderson, R. (2013). PIN skimmer: inferring PINs through the camera and microphone. Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, 67-78.

1. Marquardt, P., Verma, A., Carter, H., & Traynor, P. (2011). (sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers. Proceedings of the 18th ACM Conference on Computer and Communications Security, 551-562.
2. Cai, L., & Chen, H. (2011). TouchLogger: inferring keystrokes on touch screen from smartphone motion. Proceedings of the 6th USENIX Conference on Hot Topics in Security, 9-9.
3. Miluzzo, E., Varshavsky, A., Balakrishnan, S., & Choudhury, R. R. (2012). TapPrints: your finger taps have fingerprints. Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, 323-336.
4. Spreitzer, R. (2014). PIN skimming: exploiting the ambient-light sensor in mobile devices. Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, 51-62.