Power LED Surveillance-How Hackers Steal Cryptographic Keys from Afar

Power LED Surveillance: How Hackers Steal Cryptographic Keys from Afar

Avatar photoByFrank H

If you think your cryptographic keys are safe from hackers, think again. A recent study has shown that hackers can steal your keys by video-recording the power LEDs on your devices from up to 60 feet away. This is a serious threat that could compromise your data and privacy. But don’t worry, I’m here to help you. In this blog post, I will explain how this attack works, how to detect it, and how to prevent it. I have the expertise and experience to guide you through this complex topic and help you protect your keys from hackers.

The attack exploits the fact that power LEDs emit light pulses that correspond to the electrical fluctuations of the device. By recording these pulses with a high-speed camera and applying signal processing techniques, hackers can recover the bits of the cryptographic keys that are being processed by the device. This attack can work on any device that has a power LED, such as laptops, desktops, routers, or smart TVs.

You might be wondering how likely it is that hackers would use this attack against you. Well, the answer is not very reassuring. This attack is relatively easy to perform, requires low-cost equipment, and can be done from a safe distance. Moreover, it can bypass many common security measures, such as encryption, authentication, or firewall. That’s why you need to be aware of this threat and take action to protect your keys. In the next sections, I will show you how to do that in simple and effective ways.

How hackers can steal your keys by video-recording power LEDs

You might think that your cryptographic keys are safe inside your smart cards or smartphones, but hackers have found a clever way to steal them by using cameras to video-record the power LEDs on your devices.

In a paper published in June 2023(source), researchers from the University of California, San Diego, and the University of Maryland, College Park, demonstrated a new attack that can recover secret encryption keys stored in smart cards and smartphones by using cameras in iPhones or commercial surveillance systems to video record power LEDs that show when the card reader or smartphone is turned on.

This is a new type of side-channel attack that exploits the physical effects that leak from a device when it performs a cryptographic operation. A side-channel attack is a technique that allows an attacker to recover secret information by observing some physical characteristic of a device, such as its power consumption, sound, electromagnetic emissions, or timing. For example, in 2008, researchers showed how they could recover the encryption key of a US Army teletype terminal used during World War II by measuring the electromagnetic emissions from the device.

The power LED attack is a novel variation of a power side-channel attack, which measures the power consumption of a device during cryptographic operations. The power consumption varies depending on the bits of the key that are being processed, and these variations are reflected in the intensity of the power LED that indicates when the device is turned on. By recording these light pulses with a high-speed camera and applying signal processing techniques, hackers can recover the bits of the cryptographic keys.

This attack can work on any device that has a power LED, such as laptops, desktops, routers, or smart TVs. It can also work on devices that have an attached peripheral device with a power LED, such as a smart card reader or a USB hub. The attack does not require physical access to the device or any special equipment. It can be performed from a distance of up to 60 feet away using an iPhone camera or a commercial surveillance camera.

The power LED attack can bypass many common security measures, such as encryption, authentication, or firewall. It can also work on different types of cryptographic algorithms, such as RSA, ECC, or post-quantum SIKE. The attack is relatively easy to perform and requires low-cost equipment. It is a serious threat that could compromise your data and privacy.

Another similar attack that uses power LEDs to spy on conversations is called Glowworm. This attack exploits the fact that power LEDs flicker slightly due to changes in voltage as the speakers consume electrical current. By capturing these flickers with a photodiode and converting them into an electrical signal, hackers can recover the sound that is being played by the speakers. This attack can work on any device that has speakers and power LEDs connected directly to the power line without any countermeasures. It can also be performed from a distance of up to 60 feet away using an optical zoom lens.

These attacks show how hackers can use power LEDs to spy on your devices and steal your secrets. In the next section, we will show you how to detect if you are being targeted by these attacks and how to prevent them.

How to detect if you are being targeted by this attack

Detecting if you are being targeted by the power LED attack is not easy, as the attack is passive and does not require any physical access to your device or any special equipment. However, there are some signs that you can look for to determine if you are at risk or not.

  • Check your surroundings. The attacker needs to have a clear line of sight to your device’s power LED or the power LED of an attached peripheral device. This means that they need to be in a position where they can point a camera at your device without being noticed. Look for any suspicious people or vehicles near your location that might have a camera or a telescope. Also, check for any windows or reflective surfaces that might allow the attacker to see your device from a distance.
  • Check your device. The attacker needs to capture the light pulses from your device’s power LED during cryptographic operations. This means that they need to know when you are using your device for encryption or decryption. Check if your device has any indicators that show when it is performing cryptographic operations, such as a sound, a message, or a different color of the power LED. If so, be careful when using your device for sensitive tasks and cover the power LED with tape or a sticker.
  • Check your network. The attacker might try to trigger cryptographic operations on your device by sending you malicious messages or requests. For example, they might send you an encrypted email or a secure web link that requires you to use your smart card or smartphone to decrypt it. Check if you receive any unexpected or suspicious messages or requests from unknown sources and do not open them or click on them.
SignDescription
SurroundingsLook for any suspicious people or vehicles near your location that might have a camera or a telescope. Also, check for any windows or reflective surfaces that might allow the attacker to see your device from a distance.
DeviceCheck if your device has any indicators that show when it is performing cryptographic operations, such as a sound, a message, or a different color of the power LED. If so, be careful when using your device for sensitive tasks and cover the power LED with tape or a sticker.
NetworkCheck if you receive any unexpected or suspicious messages or requests from unknown sources that require you to use your device for encryption or decryption and do not open them or click on them.

These signs are not conclusive, but they can help you assess your level of risk and take appropriate measures to protect yourself. In the next section, we will show you how to prevent hackers from stealing your keys by video-recording power LEDs.

How to prevent hackers from stealing your keys by video-recording power LEDs

Preventing hackers from stealing your keys by video-recording power LEDs is not impossible, but it requires some awareness and precautions. Here are some tips that you can follow to protect yourself from this attack:

  • Cover the power LED. The simplest and most effective way to prevent this attack is to cover the power LED of your device or the power LED of an attached peripheral device with tape or a sticker. This will block the light pulses from being captured by the camera and prevent the key recovery. You can also use a non-transparent case or a shield to cover the power LED.
  • Use a different device. If possible, use a different device that does not have a power LED or has a power LED that is not affected by the power consumption of the device. For example, you can use a device that has a battery-powered power LED or a power LED that is connected to a separate circuit that does not vary with the cryptographic operations.
  • Use a different algorithm. If possible, use a different cryptographic algorithm that does not produce noticeable variations in the power consumption of the device. For example, you can use an algorithm that has constant-time operations or constant-power operations that do not depend on the bits of the key.
  • Use countermeasures. If possible, use some countermeasures that can reduce or eliminate the correlation between the power consumption of the device and the power LED intensity. For example, you can use some techniques such as masking, blinding, shuffling, or noise injection that can randomize or obfuscate the power consumption of the device.
TipDescription
Cover the power LEDBlock the light pulses from being captured by the camera by covering the power LED with tape or a sticker.
Use a different deviceUse a device that does not have a power LED or has a power LED that is not affected by the power consumption of the device.
Use a different algorithmUse an algorithm that does not produce noticeable variations in the power consumption of the device.
Use countermeasuresUse some techniques that can reduce or eliminate the correlation between the power consumption of the device and the power LED intensity.

These tips can help you prevent hackers from stealing your keys by video-recording power LEDs. However, they are not foolproof and they might not be applicable or available in all situations. Therefore, you should also be aware of other types of side-channel attacks that hackers might use to spy on your devices and steal your secrets.

How to secure your devices and data from other types of attacks

The power LED attack is not the only type of side-channel attack that hackers can use to spy on your devices and steal your secrets. There are many other types of side-channel attacks that exploit different physical characteristics of your devices, such as sound, electromagnetic emissions, or timing. These attacks can target different components of your devices, such as processors, memory, or sensors. These attacks can also work on different types of devices, such as laptops, smartphones, smartwatches, or IoT devices.

To secure your devices and data from other types of attacks, you need to be aware of the potential threats and take some general precautions. Here are some tips that you can follow to protect yourself from other types of side-channel attacks:

  • Update your software. The software that runs on your devices can have vulnerabilities that hackers can exploit to launch side-channel attacks. For example, hackers can use software bugs to trigger cryptographic operations on your device and then measure the power consumption or the timing of the device. To prevent this, you should always update your software to the latest version and apply any security patches that are available.
  • Use encryption. Encryption is a technique that scrambles your data so that only authorized parties can read it. Encryption can protect your data from being stolen or tampered with by hackers. However, encryption is not enough to prevent side-channel attacks, as hackers can still try to recover the encryption keys by observing the physical effects of the device. To prevent this, you should use encryption algorithms that are resistant to side-channel attacks or use countermeasures that randomize or obfuscate the encryption process.
  • Use authentication. Authentication is a technique that verifies the identity of a party before allowing access to data or services. Authentication can prevent hackers from impersonating you or accessing your data without your permission. However, authentication is not enough to prevent side-channel attacks, as hackers can still try to recover the authentication keys or passwords by observing the physical effects of the device. To prevent this, you should use authentication methods that are resistant to side-channel attacks or use countermeasures that randomize or obfuscate the authentication process.
  • Use firewall. Firewall is a technique that monitors and controls the network traffic between your device and other devices or servers. Firewall can prevent hackers from sending malicious messages or requests to your device that might trigger cryptographic operations or leak information through side channels. However, firewall is not enough to prevent side-channel attacks, as hackers can still try to capture the network traffic between your device and other devices or servers and analyze it for side-channel information. To prevent this, you should use firewall methods that encrypt or anonymize the network traffic or use countermeasures that randomize or obfuscate the network traffic.
TipDescription
Update your softwareUpdate your software to the latest version and apply any security patches that are available.
Use encryptionUse encryption algorithms that are resistant to side-channel attacks or use countermeasures that randomize or obfuscate the encryption process.
Use authenticationUse authentication methods that are resistant to side-channel attacks or use countermeasures that randomize or obfuscate the authentication process.
Use firewallUse firewall methods that encrypt or anonymize the network traffic or use countermeasures that randomize or obfuscate the network traffic.

These tips can help you secure your devices and data from other types of attacks. However, they are not foolproof and they might not be applicable or available in all situations. Therefore, you should also be aware of the latest developments and trends in cybersecurity and stay vigilant for any signs of compromise.

Conclusion and recommendations

Now we have learned how hackers can steal your keys by video-recording power LEDs on your devices from up to 60 feet away. We have also learned how hackers can use power LEDs to spy on your conversations from up to 100 feet away. These are new types of side-channel attacks that exploit the physical effects that leak from your devices when they perform cryptographic operations.

We have also learned how to detect if you are being targeted by these attacks and how to prevent them. We have also learned how to secure your devices and data from other types of side-channel attacks that exploit different physical characteristics of your devices, such as sound, electromagnetic emissions, or timing.

However, we should not be complacent and think that we are safe from these attacks. Hackers are always looking for new ways to spy on your devices and steal your secrets. Therefore, we should always be aware of the potential threats and take some general precautions. Here are some recommendations that you can follow to protect yourself from side-channel attacks:

  • Be careful what you do with your devices. Do not use your devices for sensitive tasks or store sensitive data on them if you are in a public or untrusted place. Do not leave your devices unattended or exposed to anyone who might have a camera or a telescope. Do not open or click on any unexpected or suspicious messages or requests that might trigger cryptographic operations on your devices.
  • Be careful what you say near your devices. Do not have any private or confidential conversations near your devices if you are in a public or untrusted place. Do not speak loudly or clearly near your devices if you do not want anyone to hear what you are saying. Do not play any music or audio near your devices if you do not want anyone to know what you are listening to.
  • Be careful what you connect to your devices. Do not connect any peripheral devices that have power LEDs to your devices if you do not need them. Do not connect any untrusted or unknown peripheral devices to your devices if you do not know what they do. Do not connect any wireless or Bluetooth peripheral devices to your devices if you do not trust the network or the source.
  • Be careful what you install on your devices. Do not install any software that is not from a trusted or verified source on your devices. Do not install any software that requires excessive permissions or access to your device’s resources on your devices. Do not install any software that might contain malware or spyware on your devices.
RecommendationDescription
Be careful what you do with your devicesDo not use your devices for sensitive tasks or store sensitive data on them if you are in a public or untrusted place. Do not leave your devices unattended or exposed to anyone who might have a camera or a telescope. Do not open or click on any unexpected or suspicious messages or requests that might trigger cryptographic operations on your devices.
Be careful what you say near your devicesDo not have any private or confidential conversations near your devices if you are in a public or untrusted place. Do not speak loudly or clearly near your devices if you do not want anyone to hear what you are saying. Do not play any music or audio near your devices if you do not want anyone to know what you are listening to.
Be careful what you connect to your devicesDo not connect any peripheral devices that have power LEDs to your devices if you do not need them. Do not connect any untrusted or unknown peripheral devices to your devices if you do not know what they do. Do not connect any wireless or Bluetooth peripheral devices to your devices if you do not trust the network or the source.
Be careful what you install on your devicesDo not install any software that is not from a trusted or verified source on your devices. Do not install any software that requires excessive permissions or access to your device’s resources on your devices. Do not install any software that might contain malware or spyware on your devices.

These recommendations can help you protect yourself from side-channel attacks and other types of cyberattacks. However, they are not foolproof and they might not be applicable or available in all situations. Therefore, you should also keep yourself updated with the latest developments and trends in cybersecurity and stay vigilant for any signs of compromise.

I hope that this blog post has been informative and helpful for you. If you have any questions, comments, or feedback, please feel free to leave a comment below. Thank you for reading and stay safe!

(Visited 21 times, 1 visits today)
Avatar photo

Frank H. is a passionate information security practitioner. He was the earliest MCSE in 1995 and has more than 30 years of IT industry experience. He partners with Microsoft as a solution provider and security advisor for governments. He recently became a digital nomad and now travels the world with his family while fighting cyber adversaries.

Similar Posts

Behind the Firewall: VPNs as Lifelines for Modern-Day Journalists

Behind the Firewall: VPNs as Lifelines for Modern-Day Journalists

Avatar photoByFrank H

On a raining and cold afternoon, in the porch of my house in San Jose, California. I was having coffee with an old friend who’s a seasoned journalist, and she casually mentioned how crucial VPNs are for her line of work. That conversation opened my eyes to how journalists and activists navigate the digital landscape…

Is Bitwarden Secure? Unraveling the Google Ads Phishing Attack on Password Vaults

Is Bitwarden Secure? Unraveling the Google Ads Phishing Attack on Password Vaults

Avatar photoByFrank H

If you use Bitwarden as your password manager, you may have heard about the recent phishing attack that targeted its users through Google ads. You may be wondering: is Bitwarden safe to use? How can you protect yourself from such attacks? And what are the best practices for using a password manager securely? In this…

Leave a Reply