Researchers have discovered a new method for extracting encryption keys from smart cards and smartphones using the integrated cameras of iPhones or surveillance systems. By recording videos of power LEDs, which serve as indicators for device activation, attackers can exploit two side channels, accidentally disclosing physical signals emitted by a device while engaged in cryptographic calculations.
Side channels represent a particular attack category that exploits the accidental disclosure of physical signals emitted by a device while engaged in cryptographic calculations. Attackers can collect valuable intelligence by monitoring variables like power consumption, sound patterns, electromagnetic emissions, and operation durations.
Successful exploitation of such information could reveal the secret keys and make the cryptographic algorithm vulnerable. In the first instance of an attack, a surveillance camera with internet connectivity captures a swift video of the power LED indicator on a smart card reader. The researchers managed to extract a 256-bit ECDSA key from the Minerva-utilized smart card that had received government approval by utilizing this new approach.
During a separate attack, the researchers retrieved the private SIKE key belonging to a Samsung Galaxy S8 phone. By directing the camera of an iPhone 13 towards the power LED of a USB speaker connected to the device, they successfully achieved this goal.
Power LEDs are specifically crafted to offer a visual indication, showing the activation or powering of a device. However, it is essential to highlight the limitations of both attacks, which prevent their possibility in many real-world scenarios, although exceptions do exist.
Moreover, the significance of the published research lies in its breakthrough nature, presenting a completely innovative means to enable side-channel attacks. Apart from this, the new method succeeds over the primary challenge that prevents previous approaches from exploiting side channels.
Side-channel attacks, which have been a long-standing threat to cryptographic systems, are a form of attack that relies on physical channels associated with a system rather than its logical design. These attacks take advantage of the fact that the process of computation typically requires the physical storage or movement of information, generating radiation emissions that can be monitored.
In conclusion, this discovery highlights the need for more robust encryption and security measures. This innovation increases the potential for hackers to extract sensitive information and underscores the importance of staying vigilant and updated on the latest security threats. While current limitations prevent these attacks from being feasible under many circumstances, the emergence of new and more advanced techniques raises the possibility that these limitations may be overcome in the future. It emphasizes the need to stay one step ahead of attackers in the never-ending battle for data security.