Researchers have devised a novel attack that recovers the secret encryption keys stored in smart cards and smartphones by using cameras in iPhones or commercial surveillance systems to video record power LEDs that show when the card reader or smartphone is turned on.

The attacks enable a new way to exploit two previously disclosed side channels, a class of attack that measures physical effects that leak from a device as it performs a cryptographic operation. The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader—or of an attached peripheral device—to pull a 256-bit ECDSA key off a government-approved smartcard. The other allowed the researchers to recover the private SIKE key of a Samsung Galaxy S8 phone by training the camera of an iPhone 13 on the power LED of a USB speaker connected to the handset.

https://arstechnica.com/information-technology/2023/06/hackers-can-steal-cryptographic-keys-by-video-recording-connected-power-leds-60-feet-away/

Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away

Key-leaking side channels are a fact of life. Now they can be done by video-recording power LEDs.

Ars Technica

People keep commenting (rightly, mostly) that the limitations of this attack (e.g. the time required to collect enough data and the amount of zoom required) make it impractical. That's likely mostly true right now. But remember this attack is likely to work on new side channels discovered in the future. Another consideration is that commercial cameras are improving at a breakneck speed. As the researchers put it:

"We also raise concern regarding the real potential of video-based cryptanalysis in our days, given existing improvements in video cameras’ specifications. In our research, we focused on commonly used and popular video cameras to demonstrate video-based cryptanalysis (i.e., 8-bit space for a single RGB channel, Full-HD resolution, and maximum supported shutter speed). However, new versions of smartphones already support video footage of 10-bit resolution (e.g., iPhone 14 Pro MAX and Samsung Galaxy S23 Ultra). Moreover, professional video cameras with a resolution of 12-14 bits already exist. Such video cameras may provide much greater sensitivity, which may allow attackers to perform attacks with the ability to detect very subtle changes in the device’s power consumption via the intensity of the power LED. In addition, many Internet-connected security cameras with greater optical-zoom capabilities than the video camera used in our research (25X) already exist (30X, 36X) and are likely already widely deployed. Such security cameras may allow attackers to perform video-based cryptanalysis against target devices from a greater distance than that demonstrated in this paper. Finally, new professional video cameras for photographers currently support a shutter speed of 1/180,000 (e.g., Fujifilm X-H2). The use of such video cameras may allow attackers to obtain measurements at a higher sampling rate which may expose other devices to the risk of video-based cryptanalysis."

@dangoodin I’m expecting a “just stick some tape over that LED” directive, if anything.
@TindrasGrove @dangoodin Yeah, but the neat part about side channel attacks is that they exploit more than anything else a failure in the threat model. You can't plan for what you don't know is possible!

@ostrich @dangoodin you’ve clearly never studied SCIF construction standards and their associated access policies.

The lack of personal/mobile devices in SCIFs protects against this quite nicely!

@TindrasGrove @dangoodin Oh I know about SCIFs, and what prompted them was the very same research that discovered TEMPEST!
@dangoodin Doesn’t seem far-fetched for government-based hackers to build special-purpose devices using these techniques, and sneaking them into places they want to exploit either.
@dangoodin ouch. Side channel attacks are notoriously hard to avoid.
@seav @dangoodin Every time I see a new side channel attack now I'm reminded of @0xabad1dea's DEFCON 21 talk that convinced me to buy an RTL-SDR
@dangoodin A mitigating factor in this attack is that the camera has to be close enough or zoomed in enough that the LED covers the entire picture.
@jaseg A commercial surveillance camera can pull off the attack from 60 feet away. How is having to zoom in a mitigating factor?
@dangoodin Most security cameras don't have 25X optical zoom, and with a smartphone the attack requires a clamped-on microscope objective. At a cursory glance over the paper's abstract one might think that an accidental recording of a power LED anywhere in the frame of a video would be enough, when really the attacker has to control the camera physically or remotely for the attack to work. I think this is awesome research, I just think it's also ripe for misunderstanding.
@jaseg 1) I tried to make clear that there are limitations to the current attack, which I view more as a proof of concept than a viable technique for stealing keys in the real world. The point isn't "OMG, people can steal my smartcard key now," it's "OK, exploiting side channels doesn't have to be as intrusive as I thought." 2) Security cams with 25x zoom are more pricey, but they are by no means uncommon, especially in high-security environments that are most likely to be targeted.
@dangoodin I agree with you, and I didn't mean to criticize your article. I just posted what was on my mind regarding the paper.

@dangoodin @jaseg

The real limitation of this technique is here:

> The video must be captured for 65 minutes, during which the reader must constantly perform the operation.

I can't think of a single real world situation where someone is typing their code or scanning a card nonstop during an hour.

Nevertheless, the study is a breakthrough that can lead to further research with real-world impact.

@mimic @dangoodin I think this is not too unrealistic. Consider a security camera pointed at a server in a datacenter. That server could easily be decrypting data with the same key for an hour. Or consider a credit card terminal at a supermarket checkout with a camera pointed to it. The CC terminal could also be talking to its SAMs, performing the same operation over and over for an hour.

@jaseg @dangoodin

You're right. I didn't think about these use cases. It's still restricted but can have real-world implications.

Thanks for sharing these insights!

@mimic @jaseg Two things: 1) the technique will likely be applicable to new side channels discovered in the future. These new attacks may not have the same limitations and will be MUCH easier to perform than more intrusive methods for exploiting 0days currently in use. 2) Many people leave smartcards inserted in readers for long periods of time, so the 65 minute requirement may not be as hard to satisfy as you think.
@dangoodin Ok so how can I pull a backup of my private keys from my smartcard? I generated them right on card and I'm now scared to use the keys widely as if I lose the card (or it's stolen) I wouldn't be able to use all cryptography bound to that pkey
@ruff @dangoodin This. 👆 Value of this kind of side channel is freeing your own keys from device lock-in.

@dangoodin interesting attack but uh

SIKE has been cryptographically broken (see https://en.wikipedia.org/wiki/Supersingular_isogeny_key_exchange ), it actually takes more time to pull off this side channel attack than break the cryptography & find the keys

Supersingular isogeny key exchange - Wikipedia

@pcy I think you're being too literal here. The SIKE key retrieval is a PoC that shows that video recording a power LED can, in fact, leak a key of substantial size. Keep in mind, this technique will likely be useful in exploiting side channels discovered in the future that affect algorithms that haven't been deprecated. Also, you do know that I reported on the demise of SIKE back in August and noted it again in this article, yes?

I notice also that you make no mention of the key retrieval for ECDSA, which is still widely in use.

@dangoodin This is a super neat attack. Thanks for the great write-up, including its limitations, Dan!
@Pwnallthethings Thanks for the kind words, Matt.
@dangoodin @briankrebs “Activating a rolling shutter can upsample the sampling rate to collect roughly 60,000 measurements per second” ohhhh shiiiiiit
@dangoodin Using this against a smartcard may be novel, but people were reading modem transmissions off the status LEDs 30 years ago. My standing assumption is that any status light connected to a computing device is a potential side channel.

@carnildo @dangoodin

One of the tricks with the mid-1970s Altair 8800 was to play music with the RF noise the computer put out executing specific loops and instructions.

https://youtu.be/1FDigtF0dRQ

Altair 8800 - Video #29 - Music on an Altair 8800

YouTube
@dangoodin Side-channel attacks are so sexy. Extracting a secret key from an LED?! That's Neal Stephenson-level nerdery.
@dangoodin @Pwnallthethings I think you could learn a surprising amount by walking around with a Walkman radio and earphones tuned to an AM station. The interference sounds on AM are clear and unique.
@dangoodin Weird! I would have expected the brightness of the LED on an attended peripheral to be entirely unrelated to the power consumption of the device it's attached to. Why does it work like that?
@williamgunn @dangoodin Likely because, for cost reasons, they all run off a single power bus, so drain on one device affects another, or leaks signal via crosstalk. To fix this, devices would need redesigned power busses to provide clean, filtered, isolated voltage to subcomponents. (Modern guitar pedalboards use isolated power supplies more or less for the same reason, to avoid the hum and crosstalk typical of older ‘daisy chain’ power adapters.)
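A small model, added here and not code from the article, the paper or any commenter, of two points raised in the thread: the rolling-shutter sampling rate quoted from the paper, and why the isolated, filtered LED supply suggested above closes the leak. The camera frame rate, LED circuit values, rail ripple and filter components are all assumed for illustration.

```python
# Added illustration, not code from the article, the paper or any commenter.
# Models two points from the thread: the rolling-shutter sampling rate, and why
# an isolated, low-pass-filtered LED supply hides rail ripple from the camera.
# Every numeric value below (camera, LED circuit, ripple, filter) is assumed.
import math

FPS, ROWS = 60, 1080   # assumed camera: 60 frames/s, Full-HD (1080 sensor rows)

def rolling_shutter_rate(fps=FPS, rows=ROWS):
    """Samples per second when each sensor row is read as its own time sample."""
    return fps * rows   # 64,800/s, in line with the ~60,000/s quoted above

def led_brightness(v_rail, v_forward=2.0, r_series=220.0):
    """Relative LED current (a brightness proxy) for a given supply voltage."""
    return max(0.0, (v_rail - v_forward) / r_series)

def rc_attenuation(freq_hz, r_ohm, c_farad):
    """Gain of a first-order RC low-pass filter at freq_hz (1.0 = unfiltered)."""
    return 1.0 / math.sqrt(1.0 + (2 * math.pi * freq_hz * r_ohm * c_farad) ** 2)

def visible_levels(ripple_vpp, bits, gain=1.0, v_nominal=5.0):
    """Camera quantisation steps the rail ripple moves the LED through.

    Assumes exposure is set so the LED's nominal brightness sits at full scale
    of a `bits`-bit channel; a result below 1.0 means the ripple is lost in one LSB.
    """
    step = led_brightness(v_nominal) / (2 ** bits - 1)
    swing = (led_brightness(v_nominal + gain * ripple_vpp / 2)
             - led_brightness(v_nominal - gain * ripple_vpp / 2))
    return swing / step

if __name__ == "__main__":
    print(f"rolling-shutter samples/s: {rolling_shutter_rate()}")
    ripple, freq = 0.05, 1000.0   # assumed: 50 mVpp of rail ripple at 1 kHz
    for label, gain in [("shared rail, no filter", 1.0),
                        ("10 ohm + 100 uF RC", rc_attenuation(freq, 10.0, 100e-6)),
                        ("10 ohm + 1000 uF RC", rc_attenuation(freq, 10.0, 1000e-6))]:
        for bits in (8, 10):
            lv = visible_levels(ripple, bits, gain)
            print(f"{label:24s} {bits:2d}-bit: {lv:6.2f} LSB"
                  + ("  (lost in quantisation)" if lv < 1 else ""))
```

Run as a script to see that a filter which hides the ripple from an 8-bit camera can still leave it visible to a 10-bit one, which is the sensitivity concern the paper raises.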
@ajkandy @dangoodin but it's not the same power bus, unless I misunderstood. The LED is on a separate device attached via Bluetooth.
@williamgunn @dangoodin As it’s described, both devices are connected by USB, and likely powered off the USB bus.
@dangoodin reminds me of the Glowworm paper and video: https://youtu.be/z4-OFLTHtiw
Glowworm Attack: Optical TEMPEST Sound Recovery via a Device’s Power Indicator LED

YouTube

@dangoodin Excellent article.

(Meanwhile, John from accounting just wrote down the password he uses everywhere on a post-it note he stuck to his monitor.)

@dangoodin It almost seems like science fiction.

@dangoodin

Is there an app available that uses this discovery to root an Android device or jailbreak an iOS device? You could install a secure OS on any device.

@dangoodin interesting article. I particularly like the fact that the mitigation is so low tech: "just stick some tape over the power LED".