Computer Hope
Other => Other => Topic started by: Geek-9pm on January 31, 2018, 08:43:27 PM
-
Side-channel attack?
This term might appear in recent news articles about a perceived weakness in the way modern computer chips work. Such a weakness might be used by cyber criminals to compromise data security.
Here is the Wikipedia explanation:
https://en.wikipedia.org/wiki/Side-channel_attack
Timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited to break the system. Some side-channel attacks require technical knowledge of the internal operation of the system, although others such as differential power analysis are effective as black-box attacks. Many powerful side-channel attacks are based on statistical methods pioneered by Paul Kocher.
This is nothing new.
Historical analogues to modern side-channel attacks are known. A recently declassified NSA document reveals that as far back as 1943, an engineer with Bell telephone observed decipherable spikes on an oscilloscope associated with the decrypted output of a certain encrypting teletype.[...
...
In the 1980s, Soviet eavesdroppers were suspected of having planted bugs inside IBM Selectric typewriters to monitor the electrical noise generated as the type ball rotated and pitched to strike the paper; the characteristics of those signals could determine which key was pressed.[10]
Nothing to worry about.
(http://geek9pm.net/CH/stop_worry.gif)
-
My understanding has been that it is analogous to "listening" to a combination lock to try to find the combination; exploiting a deep understanding of the specific mechanisms of a system in order to gain access.
I think it's name is because it's not quite a backdoor, but it's certainly not the "expected" way in. Sort of like the difference between having a secret backdoor password and knowing that a system takes an extra 2 nanoseconds somehow each time you type the correct letters for the password.
-
Good example!
Similar analogies could be made about physical security.
A householder gets new locks for his doors and neglects to notice there is a small window the attic. A small burglar could get in through the small window.
That does not mike the house a bad house. It just was not made to be a fortress.
The 'flaws' in the design of any CPU might be necessary to get the level pf performance that users expect. As this time that has not been proven to be true or false.
Right now, the really big threat is so many users are not vigilant about computer security and allow too many unsafe things to get into a personal computer.
I found a link that claims you do not need an AV programs anymore. :o
No, I am not going to put the link here. 8)