BH USA 23 & DEFCON 31
Exploiting a Video Camera's Rolling Shutter to Recover Secret Keys from Devices Using Video Footage of Their Power LED
Ben Nassi, Etay Iluz, Ofek Vayner, Or Cohen, Dudi Nassi, Boris Zadov, Yuval Elovici
Cornell Tech, Ben-Gurion University of the Negev
We were able to recover secret keys from non-compromised devices using video footage of their power LED obtained by commercial video cameras.
In this paper, we present video-based cryptanalysis, a new method used to recover secret keys from a device by analyzing video footage of the device's power LED. We show that cryptographic computations performed by the CPU change the power consumption of the device, which in turn affects the brightness of the device's power LED. Based on this observation, we show how attackers can exploit commercial video cameras (e.g., an iPhone 13's camera or an Internet-connected security camera) to recover secret keys from devices. This is done by obtaining video footage of the device's power LED (in which the frame is filled with the power LED) and exploiting the video camera's rolling shutter to increase the sampling rate by three orders of magnitude, from the FPS rate (60 measurements per second) to the rolling shutter speed (60K measurements per second in the iPhone 13 Pro Max). The frames of the video footage of the device's power LED are analyzed in the RGB space, and the associated RGB values are used to recover the secret key by inferring the power consumption of the device from the RGB values. We demonstrate the application of video-based cryptanalysis by performing two side-channel cryptanalytic timing attacks and recover: (1) a 256-bit ECDSA key from a smart card by analyzing video footage of the power LED of a smart card reader via a hijacked Internet-connected security camera located 16 meters away from the smart card reader, and (2) a 378-bit SIKE key from a Samsung Galaxy S8 by analyzing video footage of the power LED of Logitech Z120 USB speakers that were connected to the same USB hub (which was used to charge the Galaxy S8) via an iPhone 13 Pro Max. Finally, we discuss countermeasures, limitations, and the future of video-based cryptanalysis in light of the expected improvements in video cameras' specifications.
Recovering ECDSA Key from Smartcard using Video Footage of the Smartcard Reader's Power LED obtained using an Internet-connected video camera
Using an Internet-connected video camera, from a smartcard reader located 16 meters away (through a double layer glass)
A few seconds of the video we used to recover the key, from a smartcard reader located 5.5 meters away (through a double layer glass)
Recovering SIKE Key from Samsung Galaxy S8 using Video Footage of the Logitech Z120 USB Speakers' Power LED obtained using iPhone 13 Pro Max
Recording the power LED of the connected USB speakers
One of the videos that we used to recover the key
Q: Why can power LEDs be exploited for the purpose of cryptanalysis?
A: The intensity/color of a power LED can be used to detect the beginning and end of cryptographic operations. This is possible because the intensity/brightness of a device's power LED (in many electrical circuits) correlates with the device's power consumption, which is affected by the CPU's operations.
The correlation exists because the power LED is connected directly to the power line of the electrical circuit, which lacks effective means (e.g., filters, voltage stabilizers) of decoupling the LED from the device's power consumption.
Q: What is the difference between video-based cryptanalysis and prior methods to conduct cryptanalysis?
A: We show that the combination of vulnerable cryptographic algorithms (i.e., ones vulnerable to cryptanalytic side-channel attacks) and vulnerable power LEDs (i.e., ones whose color/brightness leaks information) can be exploited by attackers to recover secret keys under a weaker threat model than the state-of-the-art (SOTA) methods used to conduct cryptanalysis.
Q: Why do you consider the threat model weaker/easier than that of SOTA methods used to conduct cryptanalysis?
A: Video-based cryptanalysis allows attackers to recover secret keys using commonly available sensors (video cameras) instead of dedicated professional sensors (e.g., an oscilloscope or an electromagnetic radiation (EMR) probe), and without compromising the target device with malware.
Q: Is the origin of the vulnerability in the power LED?
A: No. The vulnerabilities originate in the cryptographic libraries.
However, power LEDs provide the channel needed to exploit those vulnerabilities visually.
Q: What is the best way to prevent the two demonstrated attacks?
A: Use the most updated cryptographic libraries available.
Q: Why did you choose to demonstrate the Hertzbleed and Minerva attacks?
A: These two attacks were discovered recently (Hertzbleed in 2022, Minerva in 2020).
They remind us that even recent cryptographic libraries may be vulnerable.
Q: Assuming I use the most updated cryptographic libraries, am I still at risk?
A: We cannot say for sure, because 0-day vulnerabilities may exist in the code of even the most up-to-date cryptographic libraries. Remember that the cryptographic libraries now known to be vulnerable were, at some point in the past, considered the most up-to-date libraries.
Q: Which devices are vulnerable to video-based cryptanalysis?
A: At least six smartcard readers manufactured by five manufacturers sold on Amazon are vulnerable to a direct attack. Samsung Galaxy S8 is vulnerable to an indirect attack.
Q: Are there additional devices vulnerable to video-based cryptanalysis?
A: Most likely.
Q: Why do attackers need to obtain video footage filled with the LED of the target device?
A: Cryptanalysis requires a high sampling rate.
By filling the frame with the LED, attackers exploit the rolling shutter to increase the number of measurements of the LED's color/intensity by three orders of magnitude, from the FPS rate (60 measurements per second) to the rolling shutter's speed (60K measurements per second in the iPhone 13 Pro Max). A sampling rate of 60K measurements per second is sufficient to attack functional IoT devices (smartphones, smartcards, TV streamers, etc.).
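The following is an added example, not code from the paper or its authors, that makes the two points above concrete: why a frame filled with the LED turns a 60 FPS camera into a 60K samples/second sensor, and how the start and end of a cryptographic operation can be located in the resulting trace. It simulates a rolling-shutter camera whose rows are read out one after another while the LED's intensity tracks a constructed power-consumption profile; the camera parameters (60 FPS, 1000 rows per frame, 16 pixels per row), the intensity levels, the direction of the intensity change during an operation, and the absence of inter-frame blanking are all assumptions chosen for illustration, and the per-pixel noise is a deterministic stand-in for sensor noise. The paper works with RGB values; this example collapses each pixel to a single intensity.

```python
"""Added example (not the authors' code): rolling-shutter sampling of a power LED.

A rolling-shutter sensor exposes and reads out rows sequentially, so when the
whole frame is filled with the LED every row is an independent brightness
sample taken at a slightly different time.  FPS * ROWS rows are read out per
second, which is the effective sampling rate of the "LED sensor".
"""
from fractions import Fraction

FPS = 60                 # frame rate (assumption: 60 FPS camera, as on the page)
ROWS = 1000              # rows read out sequentially per frame (assumption; 60 * 1000 = 60K rows/s)
WIDTH = 16               # pixels per row; the frame is filled with the LED, so all see it
ROW_RATE = FPS * ROWS    # effective sampling rate in samples per second

BASELINE = 180           # LED intensity (0..255) while the CPU is idle (assumption)
OP_DELTA = -20           # change while a cryptographic operation runs (assumed sign)


def led_intensity(t, ops):
    """Intensity of the LED at time t (seconds, exact Fraction) for ops = [(start, end), ...]."""
    busy = any(start <= t < end for start, end in ops)
    return BASELINE + (OP_DELTA if busy else 0)


def _noise(seed):
    """Deterministic per-pixel noise in [-3, 3] (tiny LCG standing in for sensor noise)."""
    seed = (1103515245 * seed + 12345) % (1 << 31)
    return seed % 7 - 3


def capture_frames(n_frames, ops):
    """Rolling shutter: row r of frame f is exposed at t = f/FPS + r/ROW_RATE (no blanking assumed)."""
    frames = []
    for f in range(n_frames):
        frame = []
        for r in range(ROWS):
            t = Fraction(f, FPS) + Fraction(r, ROW_RATE)
            level = led_intensity(t, ops)
            base = (f * ROWS + r) * WIDTH
            frame.append([max(0, min(255, level + _noise(base + c))) for c in range(WIDTH)])
        frames.append(frame)
    return frames


def frame_rate_trace(frames):
    """Naive use of the video: one sample per frame (FPS samples/s), averaging the whole frame."""
    return [sum(map(sum, frame)) / (ROWS * WIDTH) for frame in frames]


def rolling_shutter_trace(frames):
    """Exploiting the rolling shutter: one sample per row (ROW_RATE samples/s)."""
    return [sum(row) / WIDTH for frame in frames for row in frame]


def detect_operations(trace, baseline=BASELINE, threshold=10):
    """Return [(first_sample, end_sample_exclusive), ...] runs where the LED deviates from baseline.

    Uses the absolute deviation, so it works whether the LED dims or brightens under load.
    """
    found, start = [], None
    for i, v in enumerate(trace):
        busy = abs(v - baseline) > threshold
        if busy and start is None:
            start = i
        elif not busy and start is not None:
            found.append((start, i))
            start = None
    if start is not None:
        found.append((start, len(trace)))
    return found


# Constructed ground truth: two operations of 8.4 ms and 6.5 ms (e.g. two signatures)
CONSTRUCTED_OPS = [(Fraction("0.0123"), Fraction("0.0207")),
                   (Fraction("0.0400"), Fraction("0.0465"))]


def recover_operation_samples(ops=CONSTRUCTED_OPS, n_frames=3):
    """Capture n_frames (50 ms at 60 FPS) and return recovered operation boundaries in row samples."""
    return detect_operations(rolling_shutter_trace(capture_frames(n_frames, ops)))


def sample_to_seconds(i):
    return i / ROW_RATE


if __name__ == "__main__":
    frames = capture_frames(3, CONSTRUCTED_OPS)
    print("per-frame samples (%d per second):" % FPS, [round(v, 1) for v in frame_rate_trace(frames)])
    for s, e in detect_operations(rolling_shutter_trace(frames)):
        print("operation %.4f s .. %.4f s, duration %d us"
              % (sample_to_seconds(s), sample_to_seconds(e), (e - s) * 1_000_000 // ROW_RATE))
```

Three frames at 60 FPS give only three per-frame averages over 50 ms, which cannot even tell that two operations occurred; the same three frames give 3000 row samples at 16.7 µs spacing, from which both operations and their durations fall out directly. Real cameras add readout blanking between frames and expose each row over a finite window, so the row timestamps are less uniform than this model and the recovered trace needs resynchronisation at frame boundaries.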
Q: Assuming a device with no power LED, do you still consider it at risk?
A: The absence of an integrated power LED prevents attackers from recovering secret keys directly from the device's own power LED. However, attackers might still be able to recover the secret key using video footage of the power LED of a connected peripheral (an indirect attack).
Q: How did you come up with the idea to conduct cryptanalysis using power LEDs?
A: We have played a lot with light in the context of confidentiality in recent years (see Lamphone and The Little Seal Bug). In prior research we tested the bandwidth of power LEDs and were able to recover audible speech from the light emitted by the power LEDs of various devices.
From the findings of that research we already knew that a device's power consumption correlates with the intensity of its power LED.
The idea of exploiting a video camera's rolling shutter to increase the sampling rate (to one sufficient for cryptanalysis) came from the beautiful Visual Microphone research.