Friday, November 06, 2015
James Bond style hack attacks pose no threat in the real world
A couple of years ago I was fortunate enough to be shortlisted in the Best Investigative Feature category at the BT Information Security Awards for a piece published over at Cloud Pro. Under the rather apt title of "Cryptography attack: side-channel cloud threat is all nerd and no knickers", the article was a rather complete dismissal of yet another side-channel attack scenario that had emerged from the labs of some security researchers. The research itself was hugely interesting to a security nerd such as myself, but totally unrealistic as an attack vector outside of the carefully controlled conditions of the lab and into the real world of enterprise data storage. As someone who has been researching, and writing about, side-channel attacks for the best part of a decade now, none of this came as any real surprise. While these attack vectors remain in the theoretical domain of the uber nerd, they are not of any great threat to the rest of us. Sure, there have been plenty of practical demonstrations of how sounds waves or processor timing information can be used to attack crypto systems, but they all rely upon a raft of 'as long as' and 'assuming that' conditions which tend not to exist in actual use-case scenarios.