Mac Developer: New attack steals secret crypto keys from Android and iOS phones | Ars Technica
New attack steals secret crypto keys from Android and iOS phones | Ars Technica The exploit is what cryptographers call a non-invasive side-channel attack. It works against the Elliptic Curve Digital Signature Algorithm, a crypto system that's widely used because it's faster than many other crypto systems. By placing a probe near a mobile device while it performs cryptographic operations, an attacker can measure enough electromagnetic emanations to fully extract the secret key that authenticates the end user's data or financial transactions. The same can be done using an adapter connected to the USB charging cable.
Seems like it would be easier for the FBI to hire these guys to crack the said iPhone!
Labels: security flaw, security policy