Researchers have devised a novel attack that recovers the secret encryption keys stored in smart cards and smartphones by using cameras in iPhones or commercial surveillance systems to video record power LEDs that show when the card reader or smartphone is turned on.
The attacks enable a new way to exploit two previously disclosed side channels, a class of attack that measures physical effects that leak from a device as it performs a cryptographic operation. The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader—or of an attached peripheral device—to pull a 256-bit ECDSA key off a government-approved smartcard. The other allowed the researchers to recover the private SIKE key of a Samsung Galaxy S8 phone by training the camera of an iPhone 13 on the power LED of a USB speaker connected to the handset.
@dangoodin Ok so how can I pull a backup of my private keys from my smartcard? I generated them right on card and I'm now scared to use the keys widely as if I lose the card (or it's stolen) I wouldn't be able to use all cryptography bound to that pkey
@ruff @dangoodin This. 👆 Value of this kind of side channel is freeing your own keys from device lock-in.