Security News > 2023 > June > Power LED Side-Channel Attack
The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card readeror of an attached peripheral deviceduring cryptographic operations.
This technique allowed the researchers to pull a 256-bit ECDSA key off the same government-approved smart card used in Minerva.
The other allowed the researchers to recover the private SIKE key of a Samsung Galaxy S8 phone by training the camera of an iPhone 13 on the power LED of a USB speaker connected to the handset, in a similar way to how Hertzbleed pulled SIKE keys off Intel and AMD CPUs.
When the camera is 60 feet away, the room lights must be turned off, but they can be turned on if the surveillance camera is at a distance of about 6 feet.
The attack assumes there is an existing side channel that leaks power consumption, timing, or other physical manifestations of the device as it performs a cryptographic operation.
So don't expect this attack to be recovering keys in the real world anytime soon.
News URL
https://www.schneier.com/blog/archives/2023/06/power-led-side-channel-attack.html