In what’s an ingenious side-channel attack, a group of academics has found that it’s possible to recover secret keys from a device by analyzing video footage of its power LED.
“Cryptographic computations performed by the CPU change the power consumption of the device which affects the brightness of the device’s power LED,” researchers from the Ben-Gurion University of the Negev and Cornell University said in a study.
By taking advantage of this observation, it’s possible for threat actors to leverage video camera devices such as an iPhone 13 or an internet-connected surveillance camera to extract the cryptographic keys from a smart card reader.
Specifically, video-based cryptanalysis is accomplished by obtaining video footage of rapid changes in an LED’s brightness and exploiting the video camera’s rolling shutter effect to capture the physical emanations.
images from Hacker News