DPA attack on mobile phone
Posted on October 22, 2009
Harald Welte made a comment on a news article that describes a DPA attack on a mobile phone. He wonders what key would be the target of such a DPA attack and rightly states that from a 'normal' mobile GSM phone perspective the phone plays no role in the security of the system. Everything is dealt with between the back-end and the SIM card.
However, mobile phones these days are of course much more than just a GSM/UMTS device. They store different kinds of user data for example. Which may be secured with cryptographic keys in the application processor. But also the phone manufacturer or telecom provider may have reasons to guard the mobile device from the owner itself. Think of network and SIM lock mechanisms or code protection features.
Mobile phone unlocking and reprogramming is actually a significant market where the stakes (and rewards) are high for the first party to come out with new unlock solutions. In such a world DPA and other side channel attacks (such as fault injection) are very real.
And for the future this will only increase as parties worldwide are searching for the ultimate way to bring payment systems to your mobile device. Whether over UMTS or NFC and with or without smart cards. In such a world assessing side channel attacks on mobile devices is not strange at all.