this post was submitted on 13 Jun 2023
38 points (100.0% liked)

Technology

38437 readers
34 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago
MODERATORS
remington
alyaza
TheRtRevKaiser
gyrfalcon
rs5th
coldredlight
SemioticStandard
TheRtRevKaiser@kbin.social
38
Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away (arstechnica.com)
submitted 2 years ago by pbjamm to c/technology
9 comments fedilink hide all child comments
top 9 comments
sorted by: hot top controversial new old
[–] Orvanis@lemm.ee 12 points 2 years ago (2 children)

From a tech perspective, insanely clever to use modern phones rolling shutter mode to sample significantly more data points.

From a "is this going to cause problems for the average person" perspective - not even close. Requires 65 minutes of recorded, stable footage. The camera must be < 6 feet away if the lights are on, and the cryptography algorithm must be running during that magic hour of recording...

It does enable remote attacks, but only if all very specific requirements are met, and it requires you have access to a camera for a long period of time that is perfectly positioned.

[–] saint@group.lt 7 points 2 years ago

sounds like a job for a hacked cam ;)

[–] davefischer 1 points 2 years ago

The rolling shutter trick is amazing.

[–] supernovae@readit.buzz 7 points 2 years ago

Note to self - don't add flashing LEDs to any security devices

[–] someguy@lemmyland.com 7 points 2 years ago

Reminds me of LEDs used to extract data out of airgapped networks: https://threatpost.com/blinking-router-leds-leak-data-from-air-gapped-networks/126199/ but different because that one requires software within the airgapped network to exfiltrate.

Didn't there used to be network equipment that was vulnerable to data exfil from data status lights, or did I dream that up? Most data LEDs now just consistently blink.

[–] pbjamm 7 points 2 years ago

Perhaps not the most practical of attacks, but still an impressive feat.

[–] peanuts4life 2 points 2 years ago (1 children)

Yikes! I wonder how isolated the led has to be to the CPU power supply to prevent this sort of attack!

[–] cmnybo@discuss.tchncs.de 5 points 2 years ago

Placing a capacitor in parallel with the LED should be sufficient to prevent it. That would form a low pass filter when combined with the current limiting resistor for the LED.

The attack is not really practical though. The smart card has to be read for 65 minutes while recording the power LED. The cards are normally only read for a fraction of a second.

[–] DRx@lemmy.world 1 points 2 years ago

WOW! This is really cool! Seems a little unrealistic in real world capabilities for now, but very cool. I wonder if phone manufacturers will limit cameras in some way going forward. Kinda reminds me of Sony once had to recall a camera that could see through clothes where something is found to be nefarious later after release due to unintended advances in tech