The CLKSCREW project was shown at the recent Usenix Security conference and is significant because it uses software alone. Other side-channel attacks, such as differential power analysis, need physical access to the hardware to measure the energy drawn over the power lines.
Instead, CLKSCREW exploits the software that controls dynamic voltage and frequency scaling to induce faulty computations in the security subsystem, dramatically reducing the number of possible encryption keys. This then leaves the system open to a ‘brute force’ attack to work out the keys.
“This is dangerous when these faults can be induced from lower privileged software across hardware-enforced boundaries, where security sensitive computations are hosted,” say the researchers, led by Adrian Tang. This particular vulnerability is important because, unlike physical fault attacks, it enables fault attacks to be conducted purely from software. Remote exploitation with CLKSCREW becomes possible without the need for physical access to target devices.
CLKSCREW has been tested on Google's Nexus 6 smartphone, which uses the same power management chip as the Samsung Galaxy Note 4, so that device would also be vulnerable.