Security researchers have used the video camera of an iPhone 13 Pro Max to steal a cryptographic key from a Samsung Galaxy S8 smartphone.
Researchers from the Ben-Gurion University of the Negev in Israel have detailed video-based cryptanalysis as a “new method used to recover secret keys from a device by analysing video footage of a device’s power LED.”
“We show that cryptographic computations performed by the CPU change the power consumption of the device which affects the brightness of the device’s power LED,” they said in a paper titled ‘Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED’.
Based on the observation, they found that attackers can exploit commercial video cameras (an iPhone 13’s camera or Internet-connected security camera) to recover secret keys from devices.
This is done by obtaining video footage of a device’s power LED (in which the frame is filled with the power LED) and exploiting the video camera’s rolling shutter to increase the sampling rate by three orders of magnitude from the FPS rate (60 measurements per second) to the rolling shutter speed (60,000 measurements per second in the iPhone 13 Pro Max).
The frames of the video footage of the device’s power LED are analysed in the RGB space, and the associated RGB values are used to recover the secret key by inducing the power consumption of the device from the RGB values.
The researchers, Ben Nassi, Etay Iluz, Or Cohen, Ofek Vayner, Dudi Nassi, Boris Zadov and Yuval Elovici, demonstrated the application of video-based cryptanalysis by performing two side-channel cryptanalytic timing attacks and recover.
One was a 256-bit ECDSA key from a smart card by analysing video footage of the power LED of a smart card reader via a hijacked Internet-connected security camera located 16 metres away from the smart card reader.
The second trick was a 378-bit SIKE key from a Samsung Galaxy S8 by analysing video footage of the power LED of Logitech Z120 USB speakers that were connected to the same USB hub (that was used to charge the Galaxy S8) via an iPhone 13 Pro Max.
The researchers were able to demonstrate how secret keys could be harvested from non-compromised devices using video recorded by consumer-grade video cameras.
20230619-104005