
In a sophisticated side-channel attack, a group of academics discovered that private keys can be recovered from devices by analyzing video footage of power LEDs.
“The cryptographic calculations performed by the CPU change the power consumption of the device, affecting the brightness of the device’s power LED,” researchers from Ben-Gurion University of the Negev and Cornell University said in a research report.
Using this observation, threat actors can leverage video camera devices such as the iPhone 13 or Internet-connected surveillance cameras to extract cryptographic keys from smart card readers.
Specifically, video-based cryptanalysis is achieved by acquiring video footage of the rapid changes in LED brightness and capturing physical emissions using the rolling shutter effect of a video camera.

“This is due to the fact that power LEDs are directly connected to the power line of the electrical circuit and lack effective means (such as filters or voltage regulators) to de-correlate power consumption,” the researchers said.
In a mock test, it was found that this method could recover a 256-bit ECDSA key from a smart card by analyzing video footage of the power LED flashing through a hijacked internet-connected security camera.
In a second experiment, the researchers extracted a 378-bit SIKE key from a Samsung Galaxy S8 handset by training an iPhone 13’s camera on the power LED of a Logitech Z120 speaker connected to a USB hub that was also used to charge the phone.
What is notable about this attack is that its modus operandi is non-intrusive: cryptographic keys can be stolen from physical proximity or over the Internet.
That said, several conditions must hold for the attack to work. The camera has to be placed 16 meters away from the smart card reader with a direct view of the power LED, and the signatures have to be recorded for 65 minutes.

It also assumes that there is a side-channel based on power consumption that leaks sensitive information that could be used for cryptanalysis, making such attacks the exception rather than the norm.
To counter such attacks, it is recommended that LED manufacturers integrate capacitors to reduce fluctuations in power consumption, or that users cover power LEDs with black tape to prevent leakage.
The principal investigator of this attack, Ben Nassi, has devised similar approaches in the past (Lamphone and Glowworm), which use a light bulb hanging from the ceiling and a device’s power indicator LED, respectively, to eavesdrop on conversations.
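To make the mechanism and the capacitor countermeasure concrete, here is an added simulation (not the researchers' code): a constructed load pattern droops a supply rail, the LED's brightness follows that rail, a rolling-shutter read-out turns one frame into many time-ordered samples, and a capacitor at the LED is modelled as a first-order RC low-pass. All component values, the pattern and the 200-row frame are assumptions.

```python
# Constructed model (not the researchers' code): the load current spikes while the
# device computes; the power LED hangs off the supply rail, so its brightness follows
# the rail. A capacitor at the LED makes that path an RC low-pass and smooths it out.
FS = 100_000          # simulation rate in Hz (constructed)
V_SUPPLY = 5.0        # volts
R_SRC = 0.5           # ohms; rail droop = load current * R_SRC (constructed)
R_LED = 330.0         # ohms; the LED's series resistor (constructed)
PATTERN = "10110010"  # constructed activity pattern: '1' = compute-heavy time slice

def load_current(n_samples, pattern=PATTERN, i_base=0.10, i_extra=0.05):
    """Load current in amps over equal time slices; '1' slices draw extra current."""
    slice_len = n_samples // len(pattern)
    return [i_base + (i_extra if pattern[min(k // slice_len, len(pattern) - 1)] == "1" else 0.0)
            for k in range(n_samples)]

def led_brightness(currents, cap_farads=0.0):
    """Relative brightness, modelled as the LED-node voltage: the rail droop directly, or,
    with a capacitor, a first-order RC low-pass (tau = R_LED * C, LED current ignored)."""
    rail = [V_SUPPLY - i * R_SRC for i in currents]
    if cap_farads <= 0.0:
        return rail
    alpha = (1.0 / FS) / (R_LED * cap_farads + 1.0 / FS)
    v, out = rail[0], []          # start in steady state for the first sample
    for target in rail:
        v += alpha * (target - v)
        out.append(v)
    return out

def rolling_shutter_rows(signal, rows=200):
    """Each sensor row integrates the LED over its own slot: one frame, `rows` samples."""
    per_row = len(signal) // rows
    return [sum(signal[r * per_row:(r + 1) * per_row]) / per_row for r in range(rows)]

def ripple(samples):
    return max(samples) - min(samples)

def threshold_decode(row_samples, n_bits=len(PATTERN)):
    """Naive read-out: a group of rows dimmer than the bright/dark midpoint reads as '1'."""
    mid = (max(row_samples) + min(row_samples)) / 2
    per_bit = len(row_samples) // n_bits
    return "".join("1" if sum(row_samples[b * per_bit:(b + 1) * per_bit]) / per_bit < mid else "0"
                   for b in range(n_bits))

def compare(cap_farads, frame_samples=2000):
    """(raw ripple, filtered ripple, raw read-out, filtered read-out) for one frame."""
    i = load_current(frame_samples)
    raw = rolling_shutter_rows(led_brightness(i))
    filt = rolling_shutter_rows(led_brightness(i, cap_farads))
    return ripple(raw), ripple(filt), threshold_decode(raw), threshold_decode(filt)
```

Calling `compare(220e-6)` shows the unfiltered rows reproducing the constructed pattern exactly, while the capacitor cuts the brightness ripple to a small fraction and the naive read-out no longer matches it.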
And last year, researchers demonstrated a so-called “little seal bug” attack that exploits optical side channels associated with lightweight reflective objects to reconstruct the content of conversations.