Researchers have devised a new attack strategy to exfiltrate sensitive information from target devices without physical access. The technique, called video-based cryptanalysis, lets an attacker extract the cryptographic keys of a target device from video footage of its power LED indicator.
Extracting Cryptographic Keys Via Power LED Videos
According to a recent study, it is possible for an adversary to extract the cryptographic keys of a target device merely by analyzing video footage of the device with its power LED visible in it.
Specifically, this video-based cryptanalysis technique relies on detecting changes in the brightness of the device's power LED. As the CPU performs cryptographic computations, the resulting changes in power consumption alter the brightness of the LED.
While these brightness fluctuations seem harmless, a capable attacker can detect and analyze them to retrieve secret keys. The attacker simply records video of the target device with the camera pointed at the power LED. Zooming in so that the LED fills the frame then lets the attacker exploit the camera's rolling shutter to increase the sampling rate of the LED's color by three orders of magnitude. Finally, analyzing the video frames in RGB space lets the adversary recover the RGB values over time and, from them, the secret keys.
In their study, the researchers demonstrated two side-channel cryptanalytic timing attacks. First, they extracted the 256-bit ECDSA key of a target smart card by recording and analyzing video footage of the smart card reader's power LED, captured by a security camera 16 meters away. (Dubbed the “Minerva” attack.)
Next, they demonstrated a similar attack on a Samsung Galaxy S8 by exploiting the power LED of a Logitech Z120 USB speaker connected to the same USB hub as the Galaxy S8. The researchers recorded the speaker's power LED with an iPhone 13 Pro Max. (Dubbed the “HertzBleed” attack.)
The researchers, from Ben-Gurion University of the Negev, Israel, have shared the following video to demonstrate the attack. They also describe their study in detail in their research paper.
Suggested Countermeasures
The researchers explained that the vulnerabilities exploited in this attack do not lie in the power LED or any other device hardware. Instead, the flaws lie in the cryptographic libraries running on the devices. They found at least six smart card readers from five different vendors, as well as the Samsung Galaxy S8, vulnerable to the demonstrated attacks.
The researchers therefore advise using the most up-to-date cryptographic libraries to prevent the vulnerabilities. However, they do not rule out possible zero-day flaws in the latest libraries that could still enable such attacks.
Consequently, the most basic protection against the Hertzbleed and Minerva attacks is to have no power LED on the device at all. Nonetheless, such attacks remain possible by observing the power LED of a connected peripheral (as demonstrated in the case of the Samsung Galaxy S8).
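The countermeasures section places the flaw in the cryptographic library rather than the LED. The toy model below, added here as an illustration and not the researchers' code, shows why: a scalar multiplication whose amount of work follows the bit length of the secret nonce leaks that length through timing and power, while a fixed-length Montgomery ladder does the same work for every nonce. The "curve" is just integers under addition, and the operation count stands in for the time and power draw the LED exposes.

```python
"""Toy model of a nonce-length timing leak versus a constant-work ladder.
Points are modelled as plain integers under addition (a stand-in for the
elliptic-curve group), so only the operation counts are meaningful."""


def naive_scalar_mult(k: int, g: int) -> tuple[int, int]:
    """Left-to-right double-and-add. The loop runs once per bit of k's
    *actual* bit length, so a nonce with leading zero bits finishes early
    and does fewer additions: this is the leak an observer can measure."""
    acc, ops = 0, 0
    for bit in bin(k)[2:]:          # iteration count depends on bit length of k
        acc += acc                  # "double"
        ops += 1
        if bit == "1":
            acc += g                # "add" only for set bits
            ops += 1
    return acc, ops


def ladder_scalar_mult(k: int, g: int, nbits: int) -> tuple[int, int]:
    """Montgomery ladder over a fixed nbits: exactly one add and one double
    per iteration, with an arithmetic conditional swap instead of a branch,
    so the work is identical for every k below 2**nbits."""
    r0, r1, ops = 0, g, 0
    for i in range(nbits - 1, -1, -1):
        mask = -((k >> i) & 1)      # 0 if bit clear, -1 (all ones) if set
        d = (r0 ^ r1) & mask        # conditional swap: exchange if bit set
        r0, r1 = r0 ^ d, r1 ^ d
        r1 = r0 + r1                # "add"
        r0 = r0 + r0                # "double"
        d = (r0 ^ r1) & mask        # swap back
        r0, r1 = r0 ^ d, r1 ^ d
        ops += 2
    return r0, ops


def timing_profile(nonces: list[int], g: int, nbits: int) -> tuple[list[int], list[int]]:
    """Operation counts an observer would see for each nonce under each method."""
    naive = [naive_scalar_mult(k, g)[1] for k in nonces]
    ladder = [ladder_scalar_mult(k, g, nbits)[1] for k in nonces]
    return naive, ladder


if __name__ == "__main__":
    # Constructed sample nonces with different leading-zero counts (8-bit toy width).
    sample = [0b11010110, 0b00110101, 0b00000111]
    naive, ladder = timing_profile(sample, g=7, nbits=8)
    print("double-and-add op counts:", naive)   # varies with nonce bit length
    print("Montgomery ladder op counts:", ladder)  # constant
```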