Which description best captures Side Channel Attacks?

Side-channel attacks exploit information leaked by the physical implementation of a cryptographic system, rather than weaknesses in the algorithm itself. By measuring things like how long operations take or how much power or electromagnetic energy the device uses, an attacker can infer secret data such as cryptographic keys. This is exactly captured by describing attacks on a cryptographic system that rely on timing and power analysis, not on the content of the message. Interception of plaintext during transmission describes eavesdropping on data as it travels, which is a data-channel threat, not a side-channel. Guessing weak passwords is a credential-based attack, not related to the device’s physical leakage. SQL injection exploits flaws in how software handles input to manipulate databases, also not a side-channel issue.