Study finds that the blinking of power LEDs can also reveal passwords
In an ingenious side-channel attack, a group of academics has discovered that device keys can be cracked by analyzing changes in the device's power LED indicator.
In a study, researchers at Ben-Gurion University of the Negev and Cornell University said that cryptographic calculations performed by the CPU change the power consumption of the device, which affects the brightness of the device's power LED. By exploiting this observation, an attacker could use a video camera device, such as a networked security camera, to extract the encryption key from a smart card reader.
Specifically, video-based cryptanalysis is accomplished by acquiring video clips of rapidly changing LED brightness and capturing the physical emission using the camera's rolling shutter effect. The attack is possible because the power LEDs are directly connected to the circuit's power lines, and the circuit lacks an effective means (e.g., filters, regulators) to decouple the correlation with power consumption, the researchers said.
In a simulation test, the researchers recovered a 256-bit ECDSA key from a smart card by analyzing video footage of the power LED flashing captured by a hijacked connected security camera.
A second experiment extracted a 378-bit SIKE key from a Samsung Galaxy S8 phone by pointing an iPhone 13's camera at the power LED of a Logitech Z120 speaker connected to a USB hub that was also used to charge the phone.
The attack is non-intrusive: the encryption key can be stolen either from physical proximity or over the Internet. The method also has limitations: the camera must be placed at a certain distance with a direct view of the power LED, and the recording must last at least 65 minutes.
This study reveals a power consumption-based side channel that can leak sensitive information usable for cryptanalysis. To counter this attack, LED manufacturers are advised to integrate capacitors to reduce fluctuations in power consumption.
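The rolling-shutter sampling and the capacitor countermeasure described above can be illustrated with a small simulation, added here as an example that is not code from the researchers. The frame rate, row count, ripple frequency and amplitude, and the RC component values are all assumptions, and the filter is an idealized first-order low-pass rather than a model of any real LED circuit.

```python
import math

FPS, ROWS = 60, 1080      # assumed camera: 60 frames/s, 1080 rows read out in sequence
RIPPLE_HZ = 2000.0        # assumed frequency of the load-dependent ripple (constructed)
RIPPLE = 0.05             # assumed ripple amplitude relative to steady brightness

def led(t, gain=1.0):
    """Constructed LED brightness: steady level plus power-correlated ripple."""
    return 1.0 + gain * RIPPLE * math.sin(2 * math.pi * RIPPLE_HZ * t)

def exposure_mean(t0, width, gain, steps=200):
    """Brightness averaged over one exposure window that starts at t0."""
    return sum(led(t0 + width * (k + 0.5) / steps, gain) for k in range(steps)) / steps

def observe(rolling, gain=1.0, frames=3):
    """Samples a camera yields: one per frame, or one per row with a rolling shutter."""
    per_frame = ROWS if rolling else 1
    width = 1.0 / (FPS * per_frame)          # time covered by one sample
    return [exposure_mean(i * width, width, gain) for i in range(frames * per_frame)]

def peak_to_peak(samples):
    return max(samples) - min(samples)

def rc_gain(freq_hz, r_ohm, c_farad):
    """Attenuation of an idealized first-order RC low-pass at freq_hz."""
    return 1.0 / math.sqrt(1.0 + (2 * math.pi * freq_hz * r_ohm * c_farad) ** 2)

def report(r_ohm=100.0, c_farad=100e-6):     # assumed component values
    g = rc_gain(RIPPLE_HZ, r_ohm, c_farad)
    return {
        "frame_only": peak_to_peak(observe(rolling=False, frames=30)),
        "rolling": peak_to_peak(observe(rolling=True)),
        "rolling_filtered": peak_to_peak(observe(rolling=True, gain=g)),
        "rc_gain": g,
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:17s} {value:.5f}")
```

With these assumed values, whole-frame sampling averages the ripple away, row-by-row sampling preserves almost all of it, and the low-pass filter brings the row-sampled ripple back down to roughly the whole-frame level.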