In what is an ingenious side-channel attack, a group of academics has discovered that a device's cryptographic key can be recovered by analyzing video recordings of its power LED.
“The cryptographic computations performed by the CPU change the power consumption of the device which affects the brightness of the device’s power LED,” researchers from Ben-Gurion University of the Negev and Cornell University said in a study.
Building on these observations, threat actors can use video camera devices such as an iPhone 13 or an internet-connected surveillance camera to extract cryptographic keys from smart card readers.
Specifically, video-based cryptanalysis is performed by obtaining video recordings of rapid changes in an LED's brightness and exploiting the video camera's rolling shutter effect to capture the physical emanations. A rolling-shutter sensor exposes its rows one after another rather than all at once, so a single frame contains many time-ordered brightness samples, which lets the attacker recover a signal changing far faster than the camera's frame rate.
"This is due to the fact that the power LED is connected directly to the power line of the electrical circuit which lacks an effective way (e.g., filter, voltage stabilizer) to dissociate the correlation with power consumption," the researchers said.
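To make the two mechanisms above concrete, here is a simulation added for this article (it is not the researchers' code and does not reproduce their pipeline): a toy square-and-multiply exponentiation whose busy time depends on the secret bits, a power LED whose brightness is an affine function of that power draw, and a rolling-shutter camera that exposes one row per time tick. The cost model, brightness gain, noise level and row count are constructed assumptions chosen to keep the example small; the point is that the row-by-row trace recovers the bits while a one-sample-per-frame trace cannot.

```python
"""
Toy simulation of the power-LED video side channel (constructed example,
not the researchers' code). A secret exponent drives the CPU's busy time,
an unfiltered power LED tracks the CPU's power draw, and a rolling-shutter
camera turns each frame into many time-ordered brightness samples.
"""
import random

# --- toy target: left-to-right square-and-multiply ----------------------------
# Assumed cost model in "row-time" ticks: every bit costs one square; a 1 bit
# additionally costs one multiply; a short idle gap follows each bit.
SQUARE_TICKS = 4
MULTIPLY_TICKS = 4
GAP_TICKS = 3
POWER_BUSY = 1.0   # relative CPU power during arithmetic
POWER_IDLE = 0.2   # relative CPU power between operations


def power_trace(bits):
    """Relative power draw per tick for a secret exponent given as a bit list."""
    trace = []
    for bit in bits:
        trace += [POWER_BUSY] * SQUARE_TICKS
        if bit:
            trace += [POWER_BUSY] * MULTIPLY_TICKS   # the leak: extra busy time
        trace += [POWER_IDLE] * GAP_TICKS
    return trace


# --- unfiltered power LED -----------------------------------------------------
def led_brightness(power, base=100.0, gain=100.0):
    """LED tied straight to the rail: brightness follows power with no filtering."""
    return base + gain * power


# --- rolling-shutter camera ---------------------------------------------------
def rolling_shutter_capture(trace, rows_per_frame, noise_std=3.0, seed=1):
    """Row r of frame f is exposed at tick f*rows_per_frame + r, so one frame
    yields rows_per_frame samples in time order. Returns 8-bit pixel values.
    (A real sensor has on the order of a thousand rows per frame.)"""
    rng = random.Random(seed)          # seeded so the run is reproducible
    frames, tick = [], 0
    while tick < len(trace):
        frame = []
        for _ in range(rows_per_frame):
            p = trace[tick] if tick < len(trace) else POWER_IDLE
            v = led_brightness(p) + rng.gauss(0.0, noise_std)
            frame.append(max(0, min(255, round(v))))
            tick += 1
        frames.append(frame)
    return frames


def row_rate_trace(frames):
    """Concatenate rows: one brightness sample per row, in capture order."""
    return [v for frame in frames for v in frame]


def frame_rate_trace(frames):
    """One sample per frame: what a global-shutter or per-frame analysis sees."""
    return [sum(frame) / len(frame) for frame in frames]


# --- simple power analysis on the recovered trace -----------------------------
def recover_bits(samples, threshold=None):
    """Split the trace into busy bursts; a long burst is a 1 bit, a short one a 0."""
    if threshold is None:
        threshold = led_brightness((POWER_BUSY + POWER_IDLE) / 2)
    bursts, run = [], 0
    for v in samples:
        if v > threshold:
            run += 1
        elif run:
            bursts.append(run)
            run = 0
    if run:
        bursts.append(run)
    cut = SQUARE_TICKS + MULTIPLY_TICKS / 2   # midpoint between the two burst lengths
    return [1 if b > cut else 0 for b in bursts]


def demo(bits, rows_per_frame=64):
    """Capture the LED of a device computing with `bits` and attack both traces."""
    frames = rolling_shutter_capture(power_trace(bits), rows_per_frame)
    return {
        "frames": len(frames),
        "frame_rate_samples": len(frame_rate_trace(frames)),
        "recovered": recover_bits(row_rate_trace(frames)),
    }


if __name__ == "__main__":
    secret = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0]
    print(demo(secret))
```

With 64 rows per frame the 16-bit exponent spans three frames, so the per-frame average gives only three samples and cannot resolve a single bit, while the row-ordered trace recovers all sixteen. Replacing the toy target with a constant-time exponentiation (same busy time for every bit) makes `recover_bits` return all zeros regardless of the secret, which is the software-side fix; a filter capacitor on the LED supply corresponds to smoothing the trace before it reaches `led_brightness`.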
In a simulated test, the method was found to enable the recovery of a 256-bit ECDSA key from a smart card by analyzing video recordings of the power LED's flickering captured by a hijacked internet-connected security camera.
A second experiment enabled the extraction of a 378-bit SIKE key from a Samsung Galaxy S8 handset by training an iPhone 13's camera on the power LED of Logitech Z120 speakers connected to a USB hub that was also used to charge the phone.
What makes the attack notable is that its modus operandi is non-intrusive: cryptographic keys are stolen by observing the LED, either from physical proximity or over the internet, without ever touching the target device.
That said, there are limitations to reliably carrying out the scheme. It requires the camera to be positioned no more than 16 meters from the smart card reader, with a direct line-of-sight view of the power LED, and it requires signatures to be recorded for 65 minutes.
It also presupposes that the target's cryptographic implementation already leaks through its power consumption, i.e., that the computation's power draw depends on the secret; a constant-time, power-balanced implementation gives the camera nothing to recover. That makes such attacks the exception rather than the norm.
To counter such attacks, the researchers recommend that device manufacturers integrate a capacitor to smooth the fluctuations in the power reaching the LED or, alternatively, that users cover power LEDs with black tape to block the optical leakage.
Ben Nassi, the lead researcher behind the attack technique, has previously devised two related optical side channels, Lamphone and Glowworm, which use an overhead hanging light bulb and a device's power indicator LED, respectively, to eavesdrop on conversations.
Then last year, researchers demonstrated the so-called "Little Seal Bug" attack, which uses the optical side channel created by a lightweight reflective object to recover the content of a conversation.