[Cryptography] Side channels strike again
Jerry Leichter
leichter at lrw.com
Wed Jun 14 09:15:49 EDT 2023
By using the rolling shutter on an iPhone or video camera, the authors show they can increase the the effective sampling rate of a zoomed-in photo of a power LED to 60K/second. This is sufficient to see the power variations due to cryptographic operations. They manage to read the keys out of a smart card reader from 60 feet away using the LED on the reader, and from a Samsung phone by monitoring the LED on a set of connected speakers connected to a USB hub that was also being used to charge the phone.
Video and link to paper at https://www.nassiben.com/video-based-crypta
Many years ago, there was a paper showing that you could read the data flowing through a router from across the street by watching LED's configured to blink in synchrony with the line. People quickly learned to turn the LED's away from the window, and newer routers had fixes, in particular, not driving the LED directly from the line but from a low-rate sample, which gives the human eye the same ability to see activity without revealing (much) information. This one's going to be harder - if you can read data off the hub, billions of devices that are unlikely to be replaced quickly are vulnerable.
-- Jerry
More information about the cryptography
mailing list