Conversation

Notices

1. Aral Balkan (aral@mastodon.ar.al)'s status on Thursday, 15-Jun-2023 14:52:40 JST Aral Balkan

   in reply to

   • Dan Goodin

   @dangoodin Excellent article.

   (Meanwhile, John from accounting just wrote down the password he uses everywhere on a post-it note he stuck to his monitor.)

   • Dan Goodin (dangoodin@infosec.exchange)'s status on Thursday, 15-Jun-2023 14:52:41 JST Dan Goodin

     Researchers have devised a novel attack that recovers the secret encryption keys stored in smart cards and smartphones by using cameras in iPhones or commercial surveillance systems to video record power LEDs that show when the card reader or smartphone is turned on.

     The attacks enable a new way to exploit two previously disclosed side channels, a class of attack that measures physical effects that leak from a device as it performs a cryptographic operation. The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader—or of an attached peripheral device—to pull a 256-bit ECDSA key off a government-approved smartcard. The other allowed the researchers to recover the private SIKE key of a Samsung Galaxy S8 phone by training the camera of an iPhone 13 on the power LED of a USB speaker connected to the handset.

     https://arstechnica.com/information-technology/2023/06/hackers-can-steal-cryptographic-keys-by-video-recording-connected-power-leds-60-feet-away/