Security Blog

What is a side-channel attack?

A side-channel attack is a sophisticated method used by hackers to exploit vulnerabilities in a system by analyzing indirect information that can be gleaned from the physical implementation of a computer system. Unlike traditional cyber attacks, which often focus on exploiting software flaws or weaknesses in code, side-channel attacks target the hardware and the way it processes information.

These attacks can take various forms, including monitoring power consumption, electromagnetic leaks, or even timing variations during computations. For instance, an attacker may measure how long it takes for a device to perform certain operations and infer sensitive data based on these timing differences. This type of analysis can reveal cryptographic keys or other confidential information that would otherwise remain secure if only software vulnerabilities were considered.
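The timing leak described above can be shown with a string comparison. This is an added example, not code from the original post: it counts byte comparisons as a deterministic stand-in for elapsed time, and the secret value, guesses and function names are all constructed for illustration.

```python
import hmac

SECRET = b"constructed-demo-token"  # constructed sample secret (22 bytes)

def leaky_equal(candidate, secret=SECRET):
    """Early-exit compare. Returns (match, byte comparisons performed)."""
    steps = 0
    if len(candidate) != len(secret):
        return False, steps
    for a, b in zip(candidate, secret):
        steps += 1
        if a != b:
            return False, steps  # work done depends on how much matched
    return True, steps

def fixed_work_equal(candidate, secret=SECRET):
    """Visits every secret byte and folds differences into one value."""
    steps = 0
    diff = len(candidate) ^ len(secret)
    for i, s in enumerate(secret):
        steps += 1
        c = candidate[i] if i < len(candidate) else 0
        diff |= c ^ s
    return diff == 0, steps

def library_equal(candidate, secret=SECRET):
    """What to deploy: the standard library's constant-time comparison."""
    return hmac.compare_digest(candidate, secret)

def work_profile(compare, guesses):
    """Comparison count per guess: the quantity a timing observer sees."""
    return [compare(g)[1] for g in guesses]

# Constructed guesses whose first 0, 5 and 10 bytes match the secret.
GUESSES = [SECRET[:k] + b"\x00" * (len(SECRET) - k) for k in (0, 5, 10)]

if __name__ == "__main__":
    print("early exit:", work_profile(leaky_equal, GUESSES))
    print("fixed work:", work_profile(fixed_work_equal, GUESSES))
```

The early-exit version does more work the more of the guess is correct, while the fixed-work version does the same amount for every guess. In real Python code, use `hmac.compare_digest` rather than a hand-written loop.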

Some of the most widely known examples of side-channel attacks are the 2017 CPU vulnerabilities known as Meltdown and Spectre (an additional Spectre V2 was also discovered). These are cache-based side-channel attacks which allow an attacker to leak the memory contents of other system processes and even the operating system itself. These attacks affect all pre-2019 processors which implement speculative branch prediction.

Wikipedia has a decent article on side-channel attacks at: https://en.wikipedia.org/wiki/Side-channel_attack

Wikipedia articles are also available for the Meltdown and Spectre vulnerabilities.

For a complete breakdown of the CPU vulnerabilities related to these side-channel attacks: https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability

In addition to the techniques described in these CPU cache and timing attacks, it is also possible to observe information leaked from a system by monitoring things like power consumption, acoustic output, electromagnetic radiation, or operation timing. The following research paper has a very technical breakdown of how power consumption or EM output can be used in a side-channel attack: https://www.mdpi.com/2410-387X/4/2/15

 

Information

Vortech Consulting is a network security and design consulting firm originally founded in 1997. Over our nearly 30 year history we have provided security services and products for a wide variety of companies around the globe.
