Researchers Find Way to Recover Cryptographic Keys by Analyzing LED Flickers

2023-06-26 16:46

In what's an ingenious side-channel attack, a group of academics has found that it's possible to recover secret keys from a device by analyzing video footage of its power LED. "Cryptographic computations performed by the CPU change the power consumption of the device which affects the brightness of the device's power LED," researchers from the Ben-Gurion University of the Negev and Cornell University said in a study.

"This is caused by the fact that the power LED is connected directly to the power line of the electrical circuit which lacks effective means of decoupling the correlation with the power consumption," the researchers said.

In a simulated test, it was found that the method allowed for the recovery of a 256-bit ECDSA key from a smart card by analyzing video footage of the power LED flickers via a hijacked Internet-connected security camera.

A second experiment allowed for the extraction of a 378-bit SIKE key from a Samsung Galaxy S8 handset by training the camera of an iPhone 13 on the power LED of Logitech Z120 speakers connected to a USB hub that's also used to charge the phone.

To counter such attacks, it's recommended that LED manufacturers integrate a capacitor to reduce fluctuations in power consumption or by covering the power LED with black tape to prevent leakage.

Ben Nassi, the lead researcher behind the attack technique, has previously devised similar approaches in the past - Lamphone and Glowworm - that employ overhead hanging bulbs and a device's power indicator LED to eavesdrop on conversations.

News URL

https://thehackernews.com/2023/06/researchers-find-way-to-recover.html

#researcher