Cybersecurity

5404 readers

81 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 1 year ago

MODERATORS

[email protected]

Godlike Hack Steals Encrypted Keys by Watching LED From 16 Meters Away (futurism.com)

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

18 comments fedilink hide all child comments

Link to the paper: https://eprint.iacr.org/2023/923

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 1 year ago

I've read the paper, it's really very cool. However there is nothing to worry about in real life. They captured thousands of uses of a smartcard and then used statistical analysis to gleen data used to attack a protocol with known vulnerabilities. In another setup they had a phone right up against the power led, using the roller shutter effect to collect a single point of data at really high speed. The whole thing also depends on a shitty power supply with a led in the main path. Most power supplies these days don't have such a led and if they do it's not always the case they leak data like this.

The circumstances that allow this to work aren't likely to occur in real life. Even if everything is just right, it still requires a way to collect thousands of samples to do the statistical analysis. And then also requires a scheme with known specific vulnerabilities to work.

Very cool research, but don't worry about taping off al your power leds for security reasons.