The cybersecurity researchers from the Ben-Gurion University of the Negev and Cornell University have revealed how a side-channel attack targeting a smart card reader’s power LED can recover encryption keys.
This ground-breaking method can help adversaries extract encryption keys from a device simply by analyzing the video footage of its power LED. This happened because the CPU’s cryptographic computations can change the power consumption of a device and impact the brightness of its power LED.
This ingenious attack method leverages the connection between a device’s power consumption and the brightness of its power LED. Adversaries can obtain secret keys from the RGB values as the LED’s brightness changes when the CPU performs cryptographic operations.
They exploited the flickering of the power LED during this operation and used their understanding of the card reader’s inner workings to decode the keys and gain access.
The team conducted two side-channel cryptanalytic timing attacks using this video-based cryptanalysis method. After examining the video footage of the power LED, they recovered a 256-bit ECDSA key from the smart card using a compromised internet-connected security camera. They placed the camera at a distance of 16 meters from the smart card reader.
Next, they recovered a 378-bit SIKE key from a Samsung Galaxy S8 by analyzing the video footage of the power LED of Logitech Z120 USB speakers connected to the USB hub they used to charge the Galaxy S8.
“This is caused by the fact that the power LED is connected directly to the power line of the electrical circuit, which lacks effective means (e.g., filters, voltage stabilizers) of decoupling the correlation with the power consumption,” researchers explained in their report.
But, this technique is not as simple as it seems because merely observing the LED with a camera cannot help recover security keys, even if the frame rate is considerably high. To record the rapid changes in an LED’s brightness using a standard webcam or smartphone camera, turning on the rolling shutter effect is essential, as this is when camera sensors start recording images line by line.
In a regular setting, the camera will record the entire image sensor. Using the same technique, attackers can exploit the video camera of an internet-connected security camera or even an iPhone 13 camera to obtain cryptographic keys. Cybersecurity researchers have shown concerns as this attack method will help attackers surpass all barriers to exploit side channels, which so far were not possible. The method’s non-intrusiveness makes it even more sinister.
However, as with every attack, there are some limitations to this one. For example, apart from being placed at a 16m distance, the camera should be in the direct line of sight view of the LED, and signatures should be recorded for 65 minutes.
Countering such attacks is possible if LED manufacturers add capacitors to reduce power consumption fluctuations. An alternate solution is covering the power LED with black tape to prevent information exposure.
Researchers have shared their explosive findings in a paper titled “Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED,” available here (PDF).
RELATED NEWS
- Self-driving cars can be fooled by displaying virtual objects
- Locating malicious drone operators using deep neural networks
- Malware attack tricks biologists into producing dangerous toxins
- Stealing data from air-gapped PC by turning RAM into Wi-Fi Card
- Hackers can steal data from air-gapped PC using screen brightness
- Malware can extract data from air-gapped PC through power supply
- Lamphone attack recovers secret conversation via hanging light bulb