Reference Number ACG-CSB 040325387

The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

A side-channel attack is a type of cybersecurity threat where the attacker gains information from the physical implementation of a computer system, rather than exploiting software vulnerabilities. This is done by analyzing indirect information, such as power consumption, electromagnetic leaks, or even sound, to uncover sensitive data like cryptographic keys or personal information.

A side-channel attack does not hit the software or its code head-on. Instead, it works around them, collecting data or interfering with the system’s operation by observing the side effects of its hardware activity. Put simply, a side-channel attack breaks security by catching the hints or leaks a system gives off without meaning to. One such method spies on the electromagnetic (EMF) signals emitted by a computer screen, capturing the information displayed before it is ever encrypted. This kind of attack is a serious concern in cybersecurity because it exploits the electromagnetic leakage from devices to read sensitive data.

Side-channel attacks are now more common because of several factors. The increasing sensitivity of measuring equipment makes it possible to gather extremely detailed data about a system while it is running. In addition, greater computing power and machine learning let attackers make better sense of the raw data they collect. This deeper understanding of the targeted system lets attackers exploit ever subtler variations in its behaviour.

While server-side attacks aim to compromise data and applications hosted on a server, client-side attacks specifically target software running on individual desktop systems. Commonly used applications such as web browsers, media players, email clients, office suites, and various others serve as prime entry points for attackers. Additionally, many organizations rely on in-house or custom-developed applications, which often lack formal security testing, further expanding the attack surface. Unlike server systems, which are generally easier to patch, secure, and monitor, client systems present a greater challenge due to their volume, diversity, and decentralized nature. The variety of operating systems and the multitude of applications installed on end-user machines amplify the difficulty of enforcing consistent security measures. As this complexity increases, so does the risk, making client-side vulnerabilities a critical concern for security professionals.

Overlooking client-side attack vectors can lead to significant security gaps. In fact, failing to address these threats may mean ignoring one of the most dangerous and commonly exploited avenues of attack within an organization. The expansive and varied software environment on user desktops represents a large and constantly changing target, making proactive defense strategies not just important but essential.

Attackers can also go after high-value targets, such as secure processors, Trusted Platform Module (TPM) chips and cryptographic keys. Even partial information can assist a traditional attack vector, such as a brute-force attack, giving it a greater chance of success.

Side-channel attacks can be tricky to defend against. They are difficult to detect in action, often leave no trace and may not alter the system while it is running. Side-channel attacks can even prove effective against air-gapped systems that have been physically segregated from other computers or networks. They may also be used against Virtual Machines (VMs) and in cloud computing environments where an attacker and target share the same physical hardware.

Compression side-channel attacks like CRIME and BREACH highlight the need for rigorous security measures even when using industry-standard protocols like HTTPS. These attacks demonstrate that encryption alone is not always enough; additional layers of security are required to safeguard user data in today’s complex web environments.

With proper understanding and mitigation techniques, organizations can reduce their exposure to compression-based attacks and better protect sensitive information from exploitation. As attackers develop more sophisticated techniques, the importance of staying informed and implementing robust security practices becomes all the more essential.

RECOMMENDATION

            The public is advised to follow these tips to avoid being a victim of cybersecurity-related attacks:

  • Set cookies as SameSite, which helps ensure they are only sent in requests originating from the same site, mitigating the risk of cross-origin attacks;
  • Generate unique Cross-Site Request Forgery (CSRF) tokens for each request, so that attackers cannot reuse a previously successful guess;
  • Separate user data and sensitive information; and
  • Maintain clear separation between personal and work devices.
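The following Python example illustrates the first three recommendations above and the compression side-channel point made in the summary. It is added here and is not code from the bulletin or from any of the referenced sites; the function names, the 32-byte token length and the mask-then-XOR construction are this example's own choices (one common way to implement per-request tokens), and the HTML form is constructed sample output. The session secret stays fixed, but every response carries a freshly masked copy of it, so the bytes that appear in a compressed page change on every request and a previously observed or guessed value cannot be replayed; the cookie helper emits the SameSite attribute, and the verification uses a constant-time comparison.

```python
import base64
import hmac
import html
import secrets
from typing import Optional

TOKEN_LEN = 32  # bytes of per-session secret; an assumption of this example


def new_session_token() -> bytes:
    """One secret per login session. It is never written into a page body in raw form."""
    return secrets.token_bytes(TOKEN_LEN)


def mask_token(session_token: bytes) -> str:
    """Per-request token: random mask || (mask XOR secret), base64url-encoded.

    Each call returns a different string, so the token text embedded in a
    response (and therefore its compressed length) no longer tracks a fixed
    secret, and a token captured from one response is not valid evidence of
    the secret in another.
    """
    mask = secrets.token_bytes(len(session_token))
    masked = bytes(m ^ s for m, s in zip(mask, session_token))
    return base64.urlsafe_b64encode(mask + masked).decode("ascii")


def unmask_token(request_token: str) -> Optional[bytes]:
    """Recover the session secret from a per-request token; None if malformed."""
    try:
        raw = base64.urlsafe_b64decode(request_token.encode("ascii"))
    except (ValueError, UnicodeEncodeError):
        return None
    if len(raw) != 2 * TOKEN_LEN:
        return None
    mask, masked = raw[:TOKEN_LEN], raw[TOKEN_LEN:]
    return bytes(m ^ s for m, s in zip(mask, masked))


def verify_token(session_token: bytes, request_token: str) -> bool:
    """Check a submitted token in constant time so the check itself leaks no timing."""
    recovered = unmask_token(request_token)
    if recovered is None:
        return False
    return hmac.compare_digest(recovered, session_token)


def session_cookie_header(name: str, value: str) -> str:
    """Set-Cookie line with SameSite, Secure and HttpOnly for the session cookie."""
    return f"{name}={value}; Path=/; Secure; HttpOnly; SameSite=Strict"


def render_form(session_token: bytes, reflected: str) -> str:
    """Constructed page that reflects user input next to a CSRF token.

    Because the token is re-masked per render, two renders of the same page
    for the same session differ in their token bytes.
    """
    return (
        "<form method='post' action='/transfer'>"
        f"<input type='hidden' name='csrf' value='{mask_token(session_token)}'>"
        f"<p>Search results for: {html.escape(reflected)}</p>"
        "</form>"
    )


if __name__ == "__main__":
    secret = new_session_token()
    page_a = render_form(secret, "example query")
    page_b = render_form(secret, "example query")
    print("same session, different token text per response:", page_a != page_b)
    token = mask_token(secret)
    print("valid token accepted:", verify_token(secret, token))
    print("token for another session rejected:", verify_token(new_session_token(), token))
    print(session_cookie_header("sid", "constructed-session-id"))
```

The server stores only the unmasked session secret; it never needs to remember which masked form it handed out, because any correctly unmasked submission proves knowledge of the same secret. Keeping the secret out of compressed response bodies altogether (the "separate user data and sensitive information" recommendation) remains the stronger control; masking limits what a length observation can reveal when the token must appear in the page.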

For additional information, please refer to the following websites:

  • https://www.geeksforgeeks.org/what-is-a-side-channel/
  • https://www.sciencedirect.com/topics/computer-science/server-side-attack
  • https://www.encryptionconsulting.com/compression-side-channel-attacks/

POINT OF CONTACT

            Please contact PLTCOL JERRY V EMPIZO, Officer-In-Charge, Cyber Security Unit, thru e-mail address csradacgroup@gmail.com or contact us by telephone number (632) 723-0401 local 7488 for any inquiries related to this CYBER SECURITY BULLETIN.
