Tuesday, May 6, 2025
HomeCyber Security NewsHackers Can Uncover Cryptographic Keys by Recording Footage of Power LEDs

Hackers Can Uncover Cryptographic Keys by Recording Footage of Power LEDs

Published on

SIEM as a Service

Follow Us on Google News

A shocking discovery has been made by researchers, unveiling an innovative method for extracting covert encryption keys from smart cards and smartphones.

Utilizing the integrated cameras of iPhones or surveillance systems, they record videos of power LEDs, serving as indicators for device activation.

These attacks unveil a new method to take advantage of existing flaws by exploiting two side channels that were already identified.

- Advertisement - Google News

Hackers Exploit Side-Channel Attacks

In the context of security breaches, side channels represent a particular attack category, exploiting the accidental disclosure of physical signals emitted by a device while engaged in cryptographic calculations.

Attackers can stealthily collect valuable intelligence by closely monitoring variables like power consumption, sound patterns, electromagnetic emissions, and operation durations.

Successful exploitation of such information could reveal the secret keys and make the cryptographic algorithm.

While performing cryptographic operations, in the first instance of an attack, a surveillance camera with internet connectivity captures a swift video of the power LED indicator on a smart card reader.

The researchers managed to extract a 256-bit ECDSA key from the Minerva-utilized smart card that had received government approval by utilizing this new approach.

During a separate attack, the researchers retrieved the private SIKE key belonging to a Samsung Galaxy S8 phone.

By directing the camera of an iPhone 13 towards the power LED of a USB speaker connected to the device, they successfully achieved this goal.

Power LEDs are specifically crafted to offer a visual indication, showing the activation or powering of a device. The complete research paper can be found here.

Limitation of Attacks

It is important to highlight the limitations of both attacks, which prevent their possibility in many real-world scenarios, although exceptions do exist.

Moreover, the significance of the published research lies in its breakthrough nature, presenting a completely innovative means to enable side-channel attacks.

While apart from this, the new method succeeds over the primary challenge that prevents previous approaches from exploiting side channels.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...