• mo_ztt ✅@lemmy.world
    link
    fedilink
    English
    arrow-up
    19
    ·
    1 year ago

    In one, they say they were able to hijack an Internet-connected security cam and capture footage of the power LED of a smart card reader 16 meters away. After processing and analyzing the footage, the team was able to recover the 256-bit key.

    Wow! That’s incredibly impressive.

    In another study, they were able to take iPhone footage of the power LED of Logitech speakers that were hooked up to an USB hub that was also charging a Samsung Galaxy S8 smart phone. From looking at the speakers’ power LED and analyzing its colors and brightness, the team says they were able to uncover the 378-bit key for the Samsung Galaxy — a remarkable scenario because the key was solved indirectly by looking at another connected device.

    Holy shit! That’s unbelievable! By which I mean: I don’t believe you.

      • mo_ztt ✅@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        ·
        edit-2
        1 year ago

        With the help of this video I found their paper. So: In order to compromise the smart card reader, they hooked up their own hardware to it and caused it to perform 10,500 signature operations while they carefully measured the brightness of the LED. For the Samsung private key attack, they’re applying in a novel way an already-known timing attack caused by an interaction between the crypto library and the power-saving features of the processor. They threw large numbers of carefully crafted cryptographic operations at the CPU to cause it to change its voltage and power characteristics in ways it’s not supposed to, which they then detected at a distance by observing the speaker’s LED, which led them to be able to deduce the private key.

        It’s still extremely impressive and 100% valid research. But, I feel that “if we have access to the hardware / ability to attack the software at length, and in addition we can watch the LEDs, the LEDs can help with the attack operation we conduct” is a little different than what the article made it sound like.

        • PhantomPhanatic@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Yeah, I pulled the paper as well since I was curious. As far as I understand it, for the card reader, they use the data they get from the LED to help with solving the key. The LEDs leak crucial information about each encryption calculation and some specific calculations give away more info than others so they had to capture many key exchanges. Not super useful in most cases but it demonstrates a novel way to observe leaked info.

          I’ll add a link to the paper to the post for easier access.

          • mo_ztt ✅@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Sounds good to me. Like I say it’s still extremely impressive; there’s no need to omit the “and they also did a conventional attack at the same time which the LED helped with” part for it to be a great story.