Dan GoodinJun 13, 2023

Researchers have devised a novel attack that recovers the secret encryption keys stored in smart cards and smartphones by using cameras in iPhones or commercial surveillance systems to video record power LEDs that show when the card reader or smartphone is turned on.

The attacks enable a new way to exploit two previously disclosed side channels, a class of attack that measures physical effects that leak from a device as it performs a cryptographic operation. The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader—or of an attached peripheral device—to pull a 256-bit ECDSA key off a government-approved smartcard. The other allowed the researchers to recover the private SIKE key of a Samsung Galaxy S8 phone by training the camera of an iPhone 13 on the power LED of a USB speaker connected to the handset.

https://arstechnica.com/information-technology/2023/06/hackers-can-steal-cryptographic-keys-by-video-recording-connected-power-leds-60-feet-away/

Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away

Key-leaking side channels are a fact of life. Now they can be done by video-recording power LEDs.

Ars Technica
Show threadCarnildoJun 13, 2023
@dangoodin Using this against a smartcard may be novel, but people were reading modem transmissions off the status LEDs 30 years ago. My standing assumption is that any status light connected to a computing device is a potential side channel.
Show threadDarrel Plant

@carnildo @dangoodin

One of the tricks with the mid-1970s Altair 8800 was to play music with the RF noise the computer put out executing specific loops and instructions.

https://youtu.be/1FDigtF0dRQ

Altair 8800 - Video #29 - Music on an Altair 8800

YouTube
Jun 14, 2023 at 7:00amWeb