Cryptographic attack revealed: cameras become hacking tools
The secret keys of smart cards and smartphones could be compromised thanks to an innovative attack that uses video cameras and power LEDs
Researchers have developed an innovative attack that allows the recovery of secret encryption keys contained in smart cards and smartphones. This is accomplished by using iPhone cameras or commercial surveillance systems to record power LEDs, which indicate when the smart card reader or smartphone is turned on.
The evolution of the attack through the lateral channels
These bindings offer a new method of exploiting two previously revealed side channels. A side-channel attack exploits physical losses that occur during a cryptographic operation, such as power consumption, sound, electromagnetic emissions, or the time it takes to complete an operation. By closely monitoring these characteristics, attackers can gather enough information to recover the secret keys that make up the security and confidentiality of a cryptographic algorithm.
New research on the exploitation of lateral canals
On Tuesday, academic researchers presented new research demonstrating bindings that offer a new way to exploit these side channels. The first attack uses an Internet-connected surveillance camera to capture high-speed video of the power LED of a smart card reader or peripheral device during cryptographic operations. While there are limitations that make these attacks unfeasible in many real-world scenarios, the published research is groundbreaking as it provides an entirely new method to facilitate side-channel attacks.
The ease of implementing video-based attacks
Video-based attacks unveiled Tuesday reduce or eliminate those requirements entirely. All that is needed to steal the private key stored on the smart card is an Internet-connected surveillance camera that can be up to 62 feet away from the target reader. Attacking the side channels on the Samsung Galaxy can be done from an iPhone 13 camera already in the same room. This new method removes the biggest obstacle that prevented previously existing methods from exploiting side channels: the need to have instruments such as an oscilloscope, electrical probes or other objects touch or be in close proximity to the attached device.
Video
Follow us on Telegram for more pills like this06/14/2023 13:11
Editorial AI