this post was submitted on 17 Jun 2023
38 points (95.2% liked)
Cybersecurity
5677 readers
112 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
Notable mention to [email protected]
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Power fluctuations on a USB hub indicate power draw and can be directly related to data sent over the bus. I can totally believe this.
This video explains the method in more detail: https://youtu.be/ITqBKRZvS3Y
With the help of this video I found their paper. So: In order to compromise the smart card reader, they hooked up their own hardware to it and caused it to perform 10,500 signature operations while they carefully measured the brightness of the LED. For the Samsung private key attack, they're applying in a novel way an already-known timing attack caused by an interaction between the crypto library and the power-saving features of the processor. They threw large numbers of carefully crafted cryptographic operations at the CPU to cause it to change its voltage and power characteristics in ways it's not supposed to, which they then detected at a distance by observing the speaker's LED, which led them to be able to deduce the private key.
It's still extremely impressive and 100% valid research. But, I feel that "if we have access to the hardware / ability to attack the software at length, and in addition we can watch the LEDs, the LEDs can help with the attack operation we conduct" is a little different than what the article made it sound like.
Yeah, I pulled the paper as well since I was curious. As far as I understand it, for the card reader, they use the data they get from the LED to help with solving the key. The LEDs leak crucial information about each encryption calculation and some specific calculations give away more info than others so they had to capture many key exchanges. Not super useful in most cases but it demonstrates a novel way to observe leaked info.
I'll add a link to the paper to the post for easier access.
Sounds good to me. Like I say it's still extremely impressive; there's no need to omit the "and they also did a conventional attack at the same time which the LED helped with" part for it to be a great story.