Why You Need to Consider the Risk of an IoT Side-Channel Attack

Take a moment and consider that some predictions place the amount of data that Internet of Things (IoT) devices will produce by 2025 to be 73.1 ZB… “ZB” meaning “zettabytes,” each of which equalling one billion terabytes. That’s massive, and illustrates how many IoT devices will be around us at that point. Furthermore, it shows how concerned we should be about the potential for something called a “side-channel attack.”

Let’s examine what a side-channel attack is—and how the minds at MIT are working on a chip to help stop them. 

What is a Side-Channel Attack?

Cyberattacks come in many, many different forms. We’ve talked about a lot of them here… from the phishing messages that try to coerce users into sharing access or information, to the ransomware infections that encrypt data and threaten to delete and/or distribute it unless a payment is received, to the botnets that bring networks screeching to a halt under a deluge of traffic. 

A side-channel attack is just another means for an attacker to get what they want from your business. However, unlike the aforementioned methods that all go head-to-head with your network and its protections in some way, a side-channel attack does things a bit differently.

Rather Than Clashing with Your Protections, a Side-Channel Attack Collects Information

If you’ve ever read the old Sherlock Holmes stories, you’ll be familiar with the superhuman powers of observation and deduction that Sir Arthur Conan Doyle gave his titular consulting detective. While Holmes wasn’t against getting into scraps as the need arose, his true talents presented themselves in his capability to observe a crime scene and determine the exact series of events based on the evidence left behind. Once he had analyzed the evidence, Holmes would usually put himself in the right place to catch the criminal.

A side-channel attack largely follows the same process. By analyzing how a computer system indirectly responds to its data, a side-channel attack is able to steal this data.

Side-channel attacks can take advantage of a disturbingly wide range of scenarios. For instance, the electromagnetic waves a device emits can be translated back into the processes that produced them. Keystrokes can be mimicked based on sound alone. The whole thing sounds pretty science-fiction, but an attacker can potentially even deduce what processes a system is running based on how long it takes to run them.

The IoT Actually Enables these Attacks

This makes these kinds of attacks very effective—particularly now that there are so many IoT devices out there to provide the kind of data that side-channel attacks specifically look for. Making the situation even worse, these attacks are notoriously difficult to protect against. They are hard to spot, and can even be effective against air-gapped systems (ones that have no connection to other computers or networks).

Oh, and with the advances being made in machine learning and in measuring tools, these kinds of attacks are becoming more common.

It’s No Wonder a Team at MIT is Fighting Against These Attacks

Thanks to a group from MIT’s Department of Electrical Engineering and Computer Science (EECS), a project is underway to develop a chip that (to greatly simplify what is actually happening) randomizes the information that a device would leak.

In other words, randomize the very information that side-channel attacks rely on.

The chip has been designed to fit into IoT devices of all kinds, including smartwatches and other smaller form factors. While its processes are effective against side-channel attacks, it requires significantly more power in order to function… a trade-off that the research team sees as worth it, compared to the security shortcomings that the chip prevents.

As Anantha Chandrakasan, dean of MIT’s School of Engineering and senior author of the research paper, puts it, “We’re at the point where security matters. We have to be willing to trade off some amount of energy consumption to make a more secure computation.”

In the meantime, business-grade equipment is less susceptible to these kinds of attacks, and restricting access to it only makes it harder for a cybercriminal to potentially attempt a side-channel attack.

We’re Here to Help Ensure Your Security in Any Way We Can

Whatever the risk your business faces, we’re committed to reducing it through the implementation and management of security measures that align with modern best practices. If you’re interested in finding out more about what we can do to protect your business and its data, call (774) 213-9701 today.