Saturday, May 24, 2025
HomeCyber Security NewsHackers Can Uncover Cryptographic Keys by Recording Footage of Power LEDs

Hackers Can Uncover Cryptographic Keys by Recording Footage of Power LEDs

Published on

SIEM as a Service

Follow Us on Google News

A shocking discovery has been made by researchers, unveiling an innovative method for extracting covert encryption keys from smart cards and smartphones.

Utilizing the integrated cameras of iPhones or surveillance systems, they record videos of power LEDs, serving as indicators for device activation.

These attacks unveil a new method to take advantage of existing flaws by exploiting two side channels that were already identified.

- Advertisement - Google News

Hackers Exploit Side-Channel Attacks

In the context of security breaches, side channels represent a particular attack category, exploiting the accidental disclosure of physical signals emitted by a device while engaged in cryptographic calculations.

Attackers can stealthily collect valuable intelligence by closely monitoring variables like power consumption, sound patterns, electromagnetic emissions, and operation durations.

Successful exploitation of such information could reveal the secret keys and make the cryptographic algorithm.

While performing cryptographic operations, in the first instance of an attack, a surveillance camera with internet connectivity captures a swift video of the power LED indicator on a smart card reader.

The researchers managed to extract a 256-bit ECDSA key from the Minerva-utilized smart card that had received government approval by utilizing this new approach.

During a separate attack, the researchers retrieved the private SIKE key belonging to a Samsung Galaxy S8 phone.

By directing the camera of an iPhone 13 towards the power LED of a USB speaker connected to the device, they successfully achieved this goal.

Power LEDs are specifically crafted to offer a visual indication, showing the activation or powering of a device. The complete research paper can be found here.

Limitation of Attacks

It is important to highlight the limitations of both attacks, which prevent their possibility in many real-world scenarios, although exceptions do exist.

Moreover, the significance of the published research lies in its breakthrough nature, presenting a completely innovative means to enable side-channel attacks.

While apart from this, the new method succeeds over the primary challenge that prevents previous approaches from exploiting side channels.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...