By carefully monitoring characteristics such as power consumption, sound, electromagnetic emissions, or the amount of time it takes for an operation to occur, attackers can assemble enough information to recover secret keys that underpin the security and confidentiality of a cryptographic algorithm.
The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader—or of an attached peripheral device—during cryptographic operations. The other allowed the researchers to recover the private SIKE key of a Samsung Galaxy S8 phone by training the camera of an iPhone 13 on the power LED of a USB speaker connected to the handset, in a similar way to how Hertzbleed pulled SIKE keys off Intel and AMD CPUs.
So now you know, cover the LEDs etc when you're using a keypad, or better still, cover it with your hat and peek through the side. This is exactly why we used to wear hats!
See
Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away#
technology #
hacking #
vulnerability #
security Key-leaking side channels are a fact of life. Now they can be done by video-recording power LEDs.