Torturing the Secret out of a Secure Chip
A new chink has been found in the cryptographic armor that protects bank transactions, credit-card payments, and other secure Internet traffic. And although programmers have devised a patch for it, clever hackers might still be able to break through.
The hack, presented in March at a computer security conference in Dresden, Germany, involves lowering the input voltage on a computer’s cryptography chip set and collecting the errors that leak out when the power-starved chips try and (sometimes) fail to encode messages. Crooks would then use those errors to reconstruct the secret key on which the encryption is based. More important, say the hack’s creators, the same attack could also be performed from afar on stressed systems, such as computer motherboards that run too hot or Web servers that run too fast.
A news story for the April 2010 issue of IEEE Spectrum.