A side-channel attack, often called a sidebar attack, is a cyberattack that uses indirect means to gain restricted access to a system or collect data. While not common for regular uses, it’s frequent in industrial espionage.
Cybercriminals look for easier ways to access your data. This means they won’t use code breaking that might take weeks. Instead, they’ll take different approaches. They may focus on the human element. Alternatively, they may use your hardware directly. This is a side-channel attack.
Generally, these attacks aren’t obvious. So many companies don’t implement direct protection. Thankfully, the attack vectors are known, and protection is easy. In this guide, I’ll show you how side-channel attacks work. I’ll also show you the different types of sidebar attacks. Finally, I’ll tell you how you can protect yourself.
What Is a Side-Channel Attack?
The name might insinuate some highly technical type of cipher-breaking. In reality, a side-channel attack is probably the least digitally sophisticated of all cyberattacks. In essence, it’s thinking outside of the box. Side-channel attacks use non-digital means to gain digital information. This attack focuses on hardware, peripherals, and even the power grid!
For instance, let’s say you want to figure out a phone number. Sure, you can crack the databases to get the number. But you also can listen to the sounds made when typing in that number. If you know the sounds, you can guess the number. This is a prime example of a side-channel attack.
Example of a Side-Channel Attack
Perhaps the oldest side-channel attack was when John Draper used a Cap’n Crunch whistle to hack a phone company and get free calls. This was half a century ago.
Draper realized that the AT&T long lines used a very high frequency to establish long-distance calls. That frequency was exactly 2600 Hertz which is inside the audible range. Incidentally, a Cap’n Crunch whistle emitted the same frequency. Here, Draper got the idea.
First, he needed to disconnect the line without putting down the phone handle. Then, he’d blow the whistle. This would indicate that the line was open. He could make a call without putting in a coin!
Today, this attack is no longer possible. But it’s a basic example of a side-channel attack. Cybercriminals now have more sophisticated tools to observe and exploit systems. As a result, side-channel attacks persist.
How Does a Side-Channel Attack Work?
Side-channel attacks can happen in different ways. We can know the angles of attack, but not the exact methods. As a result, side-channel security is challenging.
Generally, side-channel attacks rely on observation. The attacker observes the system and tries to trick it with external factors. For instance, an attacker may cut the power to your systems. They may also track the electromagnetic (EM) waves from your hardware. An attacker also can simply see your password written down and use it to access your system.
Usually, no one expects these attacks. You won’t predict that the water delivery man is a cybercriminal looking for your password. As a result, you won’t protect your systems from these unusual vectors.
Next, let’s go through all the categories of how a side-channel attack can happen. I’ll also show you how you can protect against them.
Types of Side-Channel Attacks
Sidebar attacks often rely on different exposed parts in your system. By sheer necessity, these parts transmit information outwards.
Generally, humans separate the real world from the digital world. We only focus on the data we can see, not the electrons flowing through the hardware. We only see data as something we can see and access on physical devices. But the data exists even if no one is observing it.
In reality, the digital and real worlds are two parts of a whole. When we remember that, we can easily predict side-channel attacks. To help with that, here are the 7 types of side-channel attacks:
No device is perfectly efficient. As a result, they all emit electromagnetic radiation in the form of radio waves. These waves don’t carry any coherent data. However, they may have a distinct pattern.
Cybercriminals can translate these patterns. Then, they’ll see all the data on your device. It’ll be like they have direct access to the machine! Most computers work on binary code. Processors also have transistors in on and off positions to signal the 1 and 0 in the code.
For you, the code will appear on the screen as something you can understand. But cybercriminals will go directly for the transistors. They’ll record and translate the switching. This way, they can change the patterns into something they can understand.
Did you know? The NSA’s Tempest spying system uses this concept. This system can recreate entire screens in some cases. Newer tools also can record EM signals from far away, even through walls!
- Shield your hardware with Faraday cages. This will prevent waves from leaking.
- Place junk code in your software. This code will run randomly, so it scrambles your software. This will also mud any trail for cyberattacks.
You can’t access a system by measuring one device’s power consumption and timing. But cybercriminals can analyze power consumption on entire systems. This way, they can figure out when the security personnel are most active. Attackers will also know when servers are running.
Additionally, cybercriminals can cut power to various systems. This way, they can allow for other attacks.
- Use a UPS or Faraday cage. This will mask your power fluctuations.
- Use alternative sourcing to block power reads. For instance, you can use solar energy with batteries. This will severely scramble your signal. It’ll also be a good PR move.
This attack isn’t sophisticated at all. Basically, a cybercriminal will look for information in plain sight. They can see if someone has their password on a screen or jotted down somewhere.
On-site cybercriminals can be very crafty. For insteance, some attackers disguised themselves as Amazon delivery and water delivery people. Others also applied to be temp workers in a company!
These attacks are simpler in larger corporations where it’s easier to blend in with the crowd. But smaller companies may also be victims of visual attacks.
- Use biometric unlocking. This will resolve password-related attacks.
- Implement a better data management policy.
- Ensure your users need tokens to change their password every 60 seconds.
Cybercriminals may learn about your online and idle times. This way, they can predict the best time to attack.
In most cases, this shows an opening for fraudulent requests, especially toward customer support. For instance, cybercriminals will send spoofing attacks near the end of your shift.
- Introduce ad hoc changes to your schedule. This will prevent attackers from figuring out your server cycles or patterns.
- Use multi-cycle operations. Make your IT team work a different shift than everyone else. This way, someone will be observing security at all times. Bonus point: this also improves your productivity.
Computers make a lot of noise. Cybercriminals can use this noise to figure out information. For instance, the fan speed could reveal what your machine is doing. Attackers also can analyze the sound of your keystrokes!
All keys make a slightly different sound. On most keyboards, the innermost keys make a higher tone. And the spacebar makes a different sound.
Cybercriminals can process these sounds. Then, they’ll know how many letters are in a word. For instance, a three-letter word followed by a space key is most likely the. Additionally, English words need vowels at regular intervals. These insights make it fascinatingly easy to figure out what you wrote.
Unfortunately, keystrokes may also reveal your passwords to cybercriminals.
- Use quieter keyboards.
- Make the office louder. Use well-positioned music with a bit of bass. This will make it significantly harder to identify keystrokes.
6. Memory Cache
Virtually all modern computers use memory caching to improve performance. And cybercriminals can force this memory to give away pre-loaded data.
Memory cache attacks are hard because cache memory can be very large. This means cybercriminals can’t easily overload it. But, we’ve seen the Spectre and Meltdown attacks on Intel CPUs, which affected a lot of IoT devices for a while.
- Cut down the external commands your device can receive.
- Use junk data as a buffer. To do that, use random generators. This will simulate the data you operate with while deceiving cybercriminals.
7. Hardware Weaknesses
Technological advancements have made hardware side-channel attacks very difficult. But unfortunately, they still happen.
For example, a criminal can learn your hardware’s technical characteristics. Then, they’ll use this information to crash or exploit your hardware.
For instance, cybercriminals can force your systems to overheat. This way, hardware will release more electronic emissions. As the device cools down, the transistors will still be visible to infrared. This way, the attacker can record data externally.
- Use shielded hardware and implement backups.
- Be secretive about your devices. Don’t dispose of your order slips recklessly. Cybercriminals can rummage through the trash to figure out what devices you have.
- Ask your hardware suppliers to mask all SKU from your orders. This way, only you can figure it out and no one will know what devices you’re using.
How to Prevent a Side-Channel Attack
It isn’t difficult to prevent sidebar attacks. I also gave you some tips to protect your company against each attack vector. Generally, these are small, simple-to-adopt policies. But you also can introduce some known software solutions.
For instance, you can use the address space layout randomization, or ASLR. This process randomizes how data is placed within the cache memory. In turn, it removes a critical side-channel vulnerability.
Generally, cybercriminals don’t read data directly. Instead, they read the data patterns. To this end, ASLR randomization scrambles the whole signal. Your device will have the encryption key, but cybercriminals don’t have access to your device. This means the attackers won’t succeed.
For Windows 10 and Windows 11, ASLR protection will come with the OS. You also can enable it natively. Simply press the WIN key, and type Core Isolation. Then, type Ransomware Protection.
For all other operating systems, you’ll need to download an executable kernel and install it on your device.
The Bottom Line
Side-channel attacks are very problematic; very few people account for them. Companies opt for accessible hardware for easier maintenance, and no one ever thinks about keystroke sounds. However, these are both side-channel attack vectors.
Thankfully, you can implement solutions to avoid sidebar attacks. For instance, you may change your operations and policies. This way, your employees won’t accidentally externalize data. You also can implement software solutions. Then, attackers can’t know what’s happening in your systems.
You don’t need to worry about side-channel attacks constantly. But prevention is always better than the cure. So, introduce these preventative measures as soon as you can. Otherwise, protecting your company will be harder and more expensive.
Do you have more questions about sidebar attacks? Check out the FAQ and Resources below.
What is a side channel attack in IoT?
Internet of Things (IoT) devices are frequent angles for cyberattacks, especially for remote workers. In fact, anyone who can observe how an item works can exploit it. For instance, an attacker may target the cache on your printer and delete the data in it. This can include sensitive information or even passwords.
What is side channel data leakage?
This term refers to the unintended data leakage from OS, frameworks, software, or hardware. Generally, information in these entities is unsecured. It’s also available outside your security system. You can solve these issues with security measures such as Intune.
What is side-channel security?
Side-channel security refers to the protection measures against sidebar attacks. Side-channel security should be a part of your cybersecurity strategy.
Who is at risk from side-channel attacks?
In most cases, larger businesses are primary targets for side-channel attacks. They generally have more exposed hardware. Additionally, remote workers with a lot of IoT devices are at risk. Although they’re harder to target directly, they’ll fall victim to crimes of opportunity.
What is the biggest side-channel vulnerability?
The most common type of side-channel attack is the timing attack. Here, the attacker will measure performance and activity times. This way, they can reveal information like Hellman exponents and RSA keys.
TechGenix: Article on Fuzzing
Learn about the coding test technique known as fuzzing and how to do it.
TechGenix: Article on Slow-Running VMs
Find out why your virtual machine might be running slow.
TechGenix: Guide on Spoofing Protection
Follow a detailed guide on how to protect your business from spoofing attacks.
TechGenix: Article on Virtualization-Based Security
Explore what virtualization-based security (VBS) is and how to use it.
TechGenix: Article on Domain Controller Virtualization
Learn the most common mistakes to avoid when virtualizing domain controllers.