Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/dangoodin/statuses/110537324710337596">Dan Goodin (dangoodin@infosec.exchange)'s status on Wednesday, 14-Jun-2023 05:04:56 JST</a><a href="https://infosec.exchange/@dangoodin" title="dangoodin@infosec.exchange"><img src="https://gnusocial.jp/avatar/92418-48-20240105201020.webp" width="48" height="48" alt="Dan Goodin" style="position: absolute; left: 0; top: 0;">Dan Goodin</a></section><article><p>Researchers have devised a novel attack that recovers the secret encryption keys stored in smart cards and smartphones by using cameras in iPhones or commercial surveillance systems to video record power LEDs that show when the card reader or smartphone is turned on.</p><p>The attacks enable a new way to exploit two previously disclosed side channels, a class of attack that measures physical effects that leak from a device as it performs a cryptographic operation. The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader—or of an attached peripheral device—to pull a 256-bit ECDSA key off a government-approved smartcard. The other allowed the researchers to recover the private SIKE key of a Samsung Galaxy S8 phone by training the camera of an iPhone 13 on the power LED of a USB speaker connected to the handset.</p><p><a href="https://arstechnica.com/information-technology/2023/06/hackers-can-steal-cryptographic-keys-by-video-recording-connected-power-leds-60-feet-away/" rel="nofollow noreferrer">https://arstechnica.com/information-technology/2023/06/hackers-can-steal-cryptographic-keys-by-video-recording-connected-power-leds-60-feet-away/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/1650812#notice-3247860">In conversation</a><time datetime="2023-06-14T05:04:56+09:00" title="Wednesday, 14-Jun-2023 05:04:56 JST">Wednesday, 14-Jun-2023 05:04:56 JST</time> <span>from <span><a href="https://infosec.exchange/@dangoodin/110537324710337596" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@dangoodin/110537324710337596">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Dan Goodin (dangoodin@infosec.exchange)'s status on Wednesday, 14-Jun-2023 05:04:56 JST Dan Goodin
Researchers have devised a novel attack that recovers the secret encryption keys stored in smart cards and smartphones by using cameras in iPhones or commercial surveillance systems to video record power LEDs that show when the card reader or smartphone is turned on.
The attacks enable a new way to exploit two previously disclosed side channels, a class of attack that measures physical effects that leak from a device as it performs a cryptographic operation. The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader—or of an attached peripheral device—to pull a 256-bit ECDSA key off a government-approved smartcard. The other allowed the researchers to recover the private SIKE key of a Samsung Galaxy S8 phone by training the camera of an iPhone 13 on the power LED of a USB speaker connected to the handset.
https://arstechnica.com/information-technology/2023/06/hackers-can-steal-cryptographic-keys-by-video-recording-connected-power-leds-60-feet-away/
In conversationWednesday, 14-Jun-2023 05:04:56 JST from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice