Hackers can steal cryptographic keys by video-recording power LEDs

Researchers have developed a new attack that can recover secret encryption keys stored on smart cards and smartphones. This is done by using cameras on iPhones or commercial surveillance systems to record the power LEDs that indicate when the card reader or smartphone is turned on. This attack provides a new way to exploit two previously disclosed side channels.

Side channels are a type of attack that measures physical effects that leak from a device while it performs a cryptographic operation. By carefully monitoring characteristics such as power consumption, sound, electromagnetic emissions, or the time it takes for an operation to occur, attackers can gather enough information to recover secret keys that are essential for the security and confidentiality of a cryptographic algorithm.

One of the oldest known side channels was in a top-secret encrypted teletype terminal used by the US Army and Navy during World War II to transmit communications that couldn't be intercepted by German and Japanese spies. Bell Labs engineers who designed the terminal were surprised to find that it caused readings from a nearby oscilloscope each time an encrypted letter was entered. Although the encryption algorithm in the device was sound, the electromagnetic emissions from the device provided a side channel that leaked the secret key.