We considered ourselves to be a powerful culture capable of creating secure devices
This place is not a place of cryptographic security
No keys are secure here
The method of compromise here was honestly absolutely batshit
This disclosure is a warning about holy fuck did you see what they did
The danger is in a particular location by the power LED
… it increases towards the center of the CPU
… the center of the danger is in the cryptographic libraries

https://www.nassiben.com/video-based-crypta

Video-Based Cryptanalysis

Ben Nassi
This makes compromising Geordi's visor look like weaksauce tbh.
@danhon the kind of title where i gave up any hope of the next word being what i expected
@danhon brb, swapping out some leds with old incandescent 47 bulbs
@danhon @jwz I’m gonna turn into grumpy old people like my parents who turn off everything bc of power consumption, but my reason will be cybersecurity
@danhon using the power LED of a set of speakers on the same USB hub is... 👨‍🍳😘

@danhon very cool find!

Reminds me of RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis: https://web.archive.org/web/20230519161405/http://www.cs.tau.ac.il/~tromer/acoustic/

(fixed in GnuPG — that’s one of the reasons to avoid building custom crypto libraries: did you think of ensuring key-independent sound patterns and power consumption?)

@danhon it's like TEMPEST with an LED.

Shoulda called it LEDPEST.

@danhon I feel like it was clear after Spectre that this is where side-channel attacks were going. Cue every source of entropy associated with physical hardware suddenly becoming a window into the machine's soul. Terrifying but very cool, thanks for sharing!
@danhon How do they get the bit values? Is the LED actually pulsing with sequential bit values as they go by? All I see in this demo is the process to show that decryption/encryption is happening.