A shocking discovery has been made by researchers, unveiling an innovative method for extracting covert encryption keys from smart cards and smartphones.
Utilizing the integrated cameras of iPhones or surveillance systems, they record videos of power LEDs, serving as indicators for device activation.
These attacks unveil a new method to take advantage of existing flaws by exploiting two side channels that were already identified.
In the context of security breaches, side channels represent a particular attack category, exploiting the accidental disclosure of physical signals emitted by a device while engaged in cryptographic calculations.
Attackers can stealthily collect valuable intelligence by closely monitoring variables like power consumption, sound patterns, electromagnetic emissions, and operation durations.
Successful exploitation of such information could reveal the secret keys and make the cryptographic algorithm.
While performing cryptographic operations, in the first instance of an attack, a surveillance camera with internet connectivity captures a swift video of the power LED indicator on a smart card reader.
The researchers managed to extract a 256-bit ECDSA key from the Minerva-utilized smart card that had received government approval by utilizing this new approach.
During a separate attack, the researchers retrieved the private SIKE key belonging to a Samsung Galaxy S8 phone.
By directing the camera of an iPhone 13 towards the power LED of a USB speaker connected to the device, they successfully achieved this goal.
Power LEDs are specifically crafted to offer a visual indication, showing the activation or powering of a device. The complete research paper can be found here.
It is important to highlight the limitations of both attacks, which prevent their possibility in many real-world scenarios, although exceptions do exist.
Moreover, the significance of the published research lies in its breakthrough nature, presenting a completely innovative means to enable side-channel attacks.
While apart from this, the new method succeeds over the primary challenge that prevents previous approaches from exploiting side channels.
A newly disclosed denial-of-service (DoS) vulnerability in Palo Alto Networks’ PAN-OS software enables attackers to…
The open-source Linux firewall solution, IPFire, has officially released its latest version, IPFire 2.29 - Core Update…
A sophisticated new red team technique dubbed "RemoteMonologue" has emerged, enabling attackers to remotely harvest…
The OpenSSH team has announced the release of OpenSSH 10.0 on April 9, marking an important milestone…
Palo Alto Networks has disclosed a medium-severity vulnerability (CVE-2025-0127) in its PAN-OS software, enabling authenticated…
Trend Micro, a cybersecurity firm, has released its 50th installment report on the Russian-speaking cybercriminal…