Encryption Securing Mobile Money Transfers Can Be Broken

An anonymous reader writes: A group of researchers has proved that it is possible to break the encryption used by many mobile payment apps by simply measuring and analyzing the electromagnetic radiation emanating from smartphones. Modern cryptographic software on mobile phones, implementing the ECDSA digital signature algorithm, may inadvertently expose its secret keys through physical side channels: electromagnetic radiation and power consumption which fluctuate in a way that depends on secret information during the cryptographic computation.

Flood the Channel

[necro81]

One potential countermeasure is to have the phone and receiver send back and forth lots of additional, random, and irrelevant chatter across the channel. This decreases the signal-to-noise ratio, and makes it harder for the potential attacker to figure out what the real key in all that communication and what is chaff.

No data-dependant crypto implementations

[DrYak]

but smartphone makers could thwart all attack of this type by ensuring current draw while charging is consistent as to make it impossible to determine what the phone is doing.

Or simply use implementation of ECDSA, AES or other primitives that are note data-dependent (which behave always the same, no matter what plain-text or what key is submitted to them).
example of a library build around such principles by Daniel J Bernstein.

If an implementation makes some jumps or some allocations or some data manipulation, these are points that can be eavesdropped on.
If an implementation does always the exact same step no matter what the data is, you'll have a lot less to spy on.