Tuesday, July 23, 2024
EHA

Hackers Can Uncover Cryptographic Keys by Recording Footage of Power LEDs

A shocking discovery has been made by researchers, unveiling an innovative method for extracting covert encryption keys from smart cards and smartphones.

Utilizing the integrated cameras of iPhones or surveillance systems, they record videos of power LEDs, serving as indicators for device activation.

These attacks unveil a new method to take advantage of existing flaws by exploiting two side channels that were already identified.

Hackers Exploit Side-Channel Attacks

In the context of security breaches, side channels represent a particular attack category, exploiting the accidental disclosure of physical signals emitted by a device while engaged in cryptographic calculations.

Attackers can stealthily collect valuable intelligence by closely monitoring variables like power consumption, sound patterns, electromagnetic emissions, and operation durations.

Successful exploitation of such information could reveal the secret keys and make the cryptographic algorithm.

While performing cryptographic operations, in the first instance of an attack, a surveillance camera with internet connectivity captures a swift video of the power LED indicator on a smart card reader.

The researchers managed to extract a 256-bit ECDSA key from the Minerva-utilized smart card that had received government approval by utilizing this new approach.

During a separate attack, the researchers retrieved the private SIKE key belonging to a Samsung Galaxy S8 phone.

By directing the camera of an iPhone 13 towards the power LED of a USB speaker connected to the device, they successfully achieved this goal.

Power LEDs are specifically crafted to offer a visual indication, showing the activation or powering of a device. The complete research paper can be found here.

Limitation of Attacks

It is important to highlight the limitations of both attacks, which prevent their possibility in many real-world scenarios, although exceptions do exist.

Moreover, the significance of the published research lies in its breakthrough nature, presenting a completely innovative means to enable side-channel attacks.

While apart from this, the new method succeeds over the primary challenge that prevents previous approaches from exploiting side channels.

Website

Latest articles

SonicOS IPSec VPN Vulnerability Let Attackers Cause Dos Condition

SonicWall has disclosed a critical heap-based buffer overflow vulnerability in its SonicOS IPSec VPN....

Hackers Registered 500k+ Domains Using Algorithms For Extensive Cyber Attack

Hackers often register new domains for phishing attacks, spreading malware, and other deceitful activities. Such...

Hackers Claim Breach of Daikin: 40 GB of Confidential Data Exposed

Daikin, the world's largest air conditioner manufacturer, has become the latest target of the...

Emojis Are To Express Emotions, But CyberCriminals For Attacks

There are 3,664 emojis that can be used to express emotions, ideas, or objects...

Beware Of Fake Browser Updates That Installs Malicious BOINC Infrastructre

SocGholish malware, also known as FakeUpdates, has exhibited new behavior since July 4th, 2024,...

Data Breach Increases by Over 1,000% Annually

The Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support...

UK Police Arrested 17-year-old Boy Responsible for MGM Resorts Hack

UK police have arrested a 17-year-old boy from Walsall in connection with a notorious...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles