Researchers have made a significant breakthrough in the field of cybersecurity by discovering a new method to exploit side channels and retrieve secret encryption keys stored in smart cards and smartphones.
The first attack involves an Internet-connected surveillance camera, which records a high-speed video of the power LED on a smart card reader or an attached peripheral device during cryptographic operations. By employing this technique, the researchers successfully extracted a 256-bit ECDSA key from a government-approved smart card, similar to the ones used in Minerva. In the second attack, the private SIKE key of a Samsung Galaxy S8 phone was recovered by training the camera of an iPhone 13 on the power LED of a connected USB speaker.
This approach resembles how Hertzbleed retrieved SIKE keys from Intel and AMD CPUs. Power LEDs are designed to indicate device activity and emit varying shades of blue or violet light based on power consumption.
While these attacks have limitations that may render them infeasible in some real-world scenarios, they mark a groundbreaking development in side-channel attacks. Most notably, these new methods overcome a major obstacle faced by previous techniques: the requirement for instruments like oscilloscopes or electric probes to be in close proximity to the targeted device. In the case of Minerva, a compromised device hosting the smart card reader was necessary to obtain precise measurements.
Conversely, Hertzbleed did not rely on a compromised device but still necessitated 18 days of continuous interaction with the vulnerable device to retrieve the private SIKE key. Other side channels, such as the one in a World War II encrypted teletype terminal, often demand specialized and costly equipment to be attached or positioned near the targeted device. The video-based attacks introduced in this research significantly reduce or eliminate such requirements. Only an Internet-connected surveillance camera within a 62-foot range of the targeted reader is needed to steal the private key from a smart card.
Similarly, an iPhone 13 camera present in the same room can perform the side-channel attack on a Samsung Galaxy handset.
Videos demonstrating the video-capture process of a smart card reader and a Samsung Galaxy phone during cryptographic operations are available here and here, respectively. As explained by Ars, “To the naked eye, the captured video looks unremarkable.” However, by analyzing the video frame by frame and tracking how the pixel values in the green color channel change over time, an attacker can detect the beginning and end of a cryptographic operation.
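A leakage check of the kind a device vendor could run on such a recording, added here as an illustration and not code from the researchers: it takes per-frame RGB pixels, extracts the green-channel trace, finds where brightness departs from the idle level (the start/end detection the article describes), and applies Welch's t-test with the conventional TVLA threshold of 4.5 to decide whether the LED trace distinguishes an operation from idle. The frame layout, threshold values and sample trace are constructed assumptions.

```python
import math
from statistics import mean, variance

# Each frame is a list of (R, G, B) pixel tuples covering the LED region of interest.

def green_trace(frames):
    """Mean green-channel value per frame: the channel the article says carries the signal."""
    return [sum(px[1] for px in frame) / len(frame) for frame in frames]

def find_operation_windows(trace, idle_level, delta):
    """Frames whose brightness departs from idle by more than delta, merged into
    (first, last) index windows. A defender uses this to see whether operations
    are visible in the LED trace at all."""
    windows, start = [], None
    for i, g in enumerate(trace):
        active = abs(g - idle_level) > delta
        if active and start is None:
            start = i
        elif not active and start is not None:
            windows.append((start, i - 1))
            start = None
    if start is not None:
        windows.append((start, len(trace) - 1))
    return windows

def welch_t(sample_a, sample_b):
    """Welch's t-statistic; |t| > 4.5 is the usual TVLA flag for 'this leaks'."""
    denom = math.sqrt(variance(sample_a) / len(sample_a) + variance(sample_b) / len(sample_b))
    if denom == 0:
        return math.inf if mean(sample_a) != mean(sample_b) else 0.0
    return (mean(sample_a) - mean(sample_b)) / denom

def leakage_t(trace, windows):
    """Compare brightness inside detected operation windows against idle frames."""
    inside = {i for a, b in windows for i in range(a, b + 1)}
    active = [g for i, g in enumerate(trace) if i in inside]
    idle = [g for i, g in enumerate(trace) if i not in inside]
    if len(active) < 2 or len(idle) < 2:
        return 0.0  # not enough samples on one side to say anything
    return welch_t(active, idle)

def make_frame(g):
    """Constructed 4-pixel region of interest; only the green value varies."""
    return [(10, g, 200)] * 4

# Constructed trace: 20 idle frames, 8 frames during a signing operation, 12 idle frames.
# Idle alternates 120/121 (sensor noise); the operation lifts green to 131/132.
CONSTRUCTED_FRAMES = ([make_frame(120 + i % 2) for i in range(20)]
                      + [make_frame(131 + i % 2) for i in range(8)]
                      + [make_frame(120 + i % 2) for i in range(12)])

if __name__ == "__main__":
    trace = green_trace(CONSTRUCTED_FRAMES)
    windows = find_operation_windows(trace, idle_level=120.5, delta=5.0)
    t = leakage_t(trace, windows)
    print("operation windows:", windows, "Welch t:", round(t, 1), "leaks:", abs(t) > 4.5)
```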
Overall, this research opens up new avenues for side-channel attacks. Though there are limitations to these attacks, their significance lies in providing an alternative method to exploit side channels without the need for specialized equipment in close proximity to the targeted devices.
The implications of this breakthrough in cybersecurity warrant further exploration and considerations for enhancing the protection of sensitive information.