![]() The cloning also requires up to $12,000 worth of equipment and custom software, plus an advanced background in electrical engineering and cryptography. ![]() The attack isn’t free, but it’s not expensive either:Ī hacker would first have to steal a target’s account password and also gain covert possession of the physical key for as many as 10 hours. ![]() With the crypto key in hand, the attacker can then create her own key, which will work for each account she targeted. The exploit allows an attacker to obtain the long-term elliptic curve digital signal algorithm private key designated for a given account. In other words, the process would take 10 hours to clone the key for a single account, 16 hours to clone a key for two accounts, and 22 hours for three accounts.īy observing the local electromagnetic radiations as the chip generates the digital signatures, the researchers exploit a side channel vulnerability in the NXP chip. It takes another six hours to take measurements for each account the attacker wants to hack. Once the measurement-taking is finished, the attacker seals the chip in a new casing and returns it to the victim.Įxtracting and later resealing the chip takes about four hours. Next, an attacker connects the chip to hardware and software that take measurements as the key is being used to authenticate on an existing account. ![]() ![]() The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which acts as a secure element that stores the cryptographic secrets. ![]()
0 Comments
Leave a Reply. |