Side-channel attack definition
A side-channel attack (SCA) is a type of cybersecurity attack that can cause information leaks and theft. A side-channel attack is conducted by analyzing or measuring different physical parameters such as execution time, supply currents, power consumption, and electromagnetic emissions.
Side-channel attacks target hardware rather than software. They steal data indirectly, whereas most cyberattacks steal data directly. Side-channel attacks are passive attacks and don’t require a lot of expensive equipment to work.
With a side-channel attack, an attacker waits until they spot leakage from a hardware device. Then, the attacker targets the leakage with a side-channel attack and extracts sensitive information from it.
Side-channel attack examples
- Timing attacks. These attacks analyze and measure the time it takes a system to execute cryptographic algorithms.
- Simple power analysis (SPA). This analysis monitors the power and electromagnetic variations that a system shows while it is operating.
- Electromagnetic (EM) attack. This attack measures and analyzes the electromagnetic radiation that a certain device emits.
- Template attack. This attack exploits identical template devices and compares side-channel data to get access to cryptographic keys that can be used to decrypt connections.
- Differential power analysis (DPA). This is an analysis that attackers conduct to observe the statistical measurements of several operations.
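To make the timing item in the list above concrete, the following added example (not part of the original entry) contrasts a comparison whose work depends on the secret with one whose work does not. It counts byte comparisons as a deterministic stand-in for execution time; the function names and the sample values are constructed for illustration.

```python
import hmac

def leaky_equal(secret: bytes, guess: bytes):
    """Early-exit comparison. Returns (equal, bytes_compared)."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    for a, b in zip(secret, guess):
        steps += 1
        if a != b:
            # Stops at the first mismatch, so the amount of work
            # reveals how long the matching prefix is.
            return False, steps
    return True, steps

def constant_time_equal(secret: bytes, guess: bytes):
    """Touches every byte regardless of where a mismatch occurs."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    diff = 0
    for a, b in zip(secret, guess):
        steps += 1
        diff |= a ^ b  # accumulate differences, never branch on them
    return diff == 0, steps

def production_equal(secret: bytes, guess: bytes) -> bool:
    """Standard-library comparison designed to resist timing analysis."""
    return hmac.compare_digest(secret, guess)

def work_profile(compare, secret: bytes, guesses):
    """Bytes compared for each guess: the signal a timing measurement sees."""
    return [compare(secret, g)[1] for g in guesses]

# Constructed sample data (16 bytes each), not taken from any real system.
SECRET = b"constructed-tag1"
GUESSES = [
    b"XXXXXXXXXXXXXXXX",  # wrong from the first byte
    b"consXXXXXXXXXXXX",  # first 4 bytes correct
    b"constructed-tagX",  # first 15 bytes correct
    SECRET,               # fully correct
]

if __name__ == "__main__":
    print("early exit   :", work_profile(leaky_equal, SECRET, GUESSES))
    print("constant time:", work_profile(constant_time_equal, SECRET, GUESSES))
```

The early-exit profile grows with the number of correct leading bytes, while the constant-time profile is flat; in production code, use `hmac.compare_digest` rather than a hand-written loop.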