Researchers Demo Alarming Exploit That Steals Encryption Keys By Recording Power LEDs

Researchers from the Ben-Gurion University of the Negev published a paper this week outlining a new side-channel attack against cryptographic computations. The researchers were able to successfully recover cryptographic keys by simply recording power LEDs through commercial video cameras of varying types.

The six-person team, led by Ben Nassi, discovered that it is possible to recover secret keys from a device because its power draw fluctuates as it performs cryptographic computations, and those fluctuations show up in the power LED as minor changes in color and brightness. In demonstrations, they used this to recover a 256-bit ECDSA key from a smart card, as well as a 378-bit SIKE key from a Samsung Galaxy S8 by watching the power LED of Logitech Z120 USB speakers connected to the same USB hub as the Galaxy S8.


The attack works by recording a video in which the victim device's power LED fills the camera's entire frame. This raises the effective sampling rate of the LED from the camera's frame rate of 60 FPS to the speed of the rolling shutter, about 60,000 measurements a second. For those unaware, a rolling shutter captures a segment of the image at a time (usually a line-by-line readout) rather than the whole picture at once. Each frame is therefore made up of many small "photos" taken at slightly different instants, which is why, for example, a moving camera produces skewed images. When the LED fills the frame, each line records the LED's color at a different moment. The video can then be analyzed frame by frame to extract RGB values at these fine time increments, which are converted into an estimate of power usage, from which the secret key is recovered. The researchers achieved this from up to 16 meters (53 feet) away.


Using this technique, the research team was able to reproduce the Hertzbleed and Minerva attacks, which were recently discovered in relatively new cryptographic libraries. To counter these and other novel attacks, the paper recommends that cryptographic libraries avoid leaking information through their power consumption and that hardware manufacturers implement safeguards. These would include using static LEDs that don't reflect CPU status or activity and decoupling the LED's supply from the device's power consumption.
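To make the two points above concrete, here is a small simulation that is not code from the paper or from the research team. It models a power LED whose brightness carries a synthetic 500 Hz ripple (a constructed stand-in for the power fluctuations the page describes), then compares what a 60 FPS whole-frame average sees against what a 1,000-row rolling shutter sees at 60,000 row readouts per second, and finally shows that a decoupled (regulated) LED, the mitigation named above, leaves nothing to measure at either rate. The frame rate, row count, ripple frequency and brightness values are all assumptions chosen for illustration.

```python
"""Rolling-shutter sampling vs. whole-frame sampling of a power LED.

Constructed educational model; all constants are hypothetical and not taken
from the paper. A sinusoidal ripple stands in for the power fluctuations.
"""
import math

FPS = 60                 # assumed video frame rate
ROWS = 1000              # assumed sensor rows read out one after another
ROW_RATE = FPS * ROWS    # 60,000 row readouts per second (the page's figure)
RIPPLE_HZ = 500.0        # constructed ripple frequency, far above 60 FPS


def led_brightness(t, coupling, base=0.6, amp=0.2, freq=RIPPLE_HZ):
    """Synthetic LED intensity at time t.

    `coupling` models how strongly the LED follows supply-rail ripple:
    1.0 = LED wired straight to the rail, 0.0 = LED driven from a regulated
    constant-current source (the "decoupled / static LED" mitigation).
    """
    return base + coupling * amp * math.sin(2 * math.pi * freq * t)


def rolling_shutter_samples(n_frames, coupling):
    """One brightness sample per sensor row.

    If the LED fills the frame, every row is exposed at a slightly later
    instant, so a 60 FPS video yields ROW_RATE samples per second.
    """
    samples = []
    for frame in range(n_frames):
        for row in range(ROWS):
            t = frame / FPS + row / ROW_RATE
            samples.append(led_brightness(t, coupling))
    return samples


def per_frame_means(samples):
    """What a whole-frame average (or a global shutter) would see: FPS samples/s."""
    return [sum(samples[i:i + ROWS]) / ROWS for i in range(0, len(samples), ROWS)]


def peak_to_peak(samples):
    return max(samples) - min(samples)


def goertzel_power(samples, rate, freq):
    """Signal power at one frequency (Goertzel algorithm), mean removed first."""
    mean = sum(samples) / len(samples)
    coeff = 2 * math.cos(2 * math.pi * freq / rate)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = (x - mean) + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2


def dominant_frequency(samples, rate, candidates):
    """Candidate frequency with the most power in the sample stream."""
    return max(candidates, key=lambda f: goertzel_power(samples, rate, f))


def compare(coupling, n_frames=6):
    """Summarise how visible the ripple is at frame rate vs. row rate."""
    rows = rolling_shutter_samples(n_frames, coupling)
    return {
        "frame_rate_p2p": peak_to_peak(per_frame_means(rows)),
        "row_rate_p2p": peak_to_peak(rows),
        "row_rate_dominant_hz": dominant_frequency(rows, ROW_RATE, range(100, 1001, 100)),
        "row_rate_power_500hz": goertzel_power(rows, ROW_RATE, RIPPLE_HZ),
    }


if __name__ == "__main__":
    for coupling in (1.0, 0.0):
        print(f"coupling={coupling}:", compare(coupling))
```

With the LED coupled to the supply, the per-frame averages barely move (the ripple is far above 60 Hz and averages out within each frame), while the per-row samples swing over the full ripple amplitude and the Goertzel sweep picks out 500 Hz. With coupling set to zero, both series are flat and the 500 Hz power is zero: the measurement rate no longer matters because the LED no longer carries the signal.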

If you are interested, the full report covers the attack in detail, including the complex algorithms and methods the research team used to pull it off. That said, the chance of this attack being used against you is low, so there is not really anything to worry about.

However, it is pretty cool to think about, and you can let us know what you think in the comments below.