Crazy hack: Researchers crack chip cards and smartphones from a distance of 16 meters – with a camera

Video recording is enough

The status LEDs on card terminals show whether the device is busy, but they can give away much more than that

© Peopleimages / Getty Images

Encryption is one of the most important security measures of the digital age. A group of researchers has now succeeded in reading cryptographic keys out of chip cards and smartphones from a distance. A camera was all it took.

It sounds like a scene from a spy movie. While a person is using a smartphone or holding a chip card to a reader, someone secretly films the device and can then recover the card's or smartphone's secret key from the recording. A group of researchers has now succeeded in doing just that. All they needed was a clear view of the device's power LED.

This is shown by a study presented at a security conference in San Francisco. The group, led by Ben Nassi, succeeded in analysing the flicker of the devices' LEDs in such a way that the cryptographic key could be read out. In their experiments, footage from an ordinary security camera or an iPhone was sufficient.

Telltale flicker

What sounds completely crazy is simply a combination of known side channels. It was shown last year, for example, that a processor's power consumption leaks information about what it is currently computing. At the same time, a power LED sits on the device's supply line, so its brightness and colour vary with the current the device draws at any moment. Put together, this means the cryptographic operation running inside the device can be read from the outside, from the flicker of a tiny LED.

This was demonstrated in several experiments. A Samsung phone and an ordinary card reader were filmed from distances of between 1.80 and 16 meters. In the recordings the researchers captured tiny changes in the LEDs' colour and brightness, barely or not at all visible to the human eye, that were caused by fluctuations in the supply voltage. What makes this possible is the rolling shutter of modern cameras: instead of exposing the whole image at once, the sensor reads it out line by line, so each line of a frame is captured at a slightly different instant. If the LED is zoomed in until it fills the frame, every line becomes a separate measurement of its colour. Because only the hue of the LED mattered, not any image detail, the researchers could extract more than 60,000 samples per second from footage shot at only 60 to 120 frames per second, and from those samples compute the cryptographic keys.
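The rolling-shutter trick described above, as an added simulation that is not the researchers' code: a constructed LED signal carries a small 2.4 kHz ripple (a stand-in for the power-dependent flicker; the frequency, the 60 fps camera and its 500 readable sensor rows are all assumptions), each sensor row is modelled as a sample taken slightly later than the previous one, and a plain DFT shows that the ripple is recoverable from the per-row data at 30,000 samples per second, while a camera that only delivers one value per frame sees a steady light.

```python
import cmath
import math

# Hypothetical camera and LED parameters (assumptions for this simulation,
# not figures from the study).
FPS = 60                       # frames per second of the camera
ROWS = 500                     # sensor rows read out one after another (real sensors have more)
ROW_RATE = FPS * ROWS          # samples per second if the LED fills every row
ROW_PERIOD = 1.0 / ROW_RATE    # delay between the exposure of two consecutive rows

BASE_BRIGHTNESS = 0.80         # steady glow of the LED
FLICKER_AMPLITUDE = 0.05       # tiny ripple, invisible to the eye
FLICKER_HZ = 2400.0            # constructed ripple frequency standing in for power-dependent flicker


def led_brightness(t):
    """Constructed LED intensity at time t (seconds): steady glow plus a small ripple."""
    return BASE_BRIGHTNESS + FLICKER_AMPLITUDE * math.sin(2 * math.pi * FLICKER_HZ * t)


def rolling_shutter_frame(frame_index):
    """One rolling-shutter frame of an LED that fills the sensor.

    Row r is exposed at frame_start + r * ROW_PERIOD, so every row is an
    independent sample of the LED taken at a slightly later instant.
    """
    frame_start = frame_index / FPS
    return [led_brightness(frame_start + r * ROW_PERIOD) for r in range(ROWS)]


def global_shutter_frame(frame_index):
    """Global shutter for comparison: the whole sensor captures one instant."""
    return led_brightness(frame_index / FPS)


def rolling_shutter_series(n_frames):
    """Per-row values of consecutive frames, concatenated: a time series at ROW_RATE Hz."""
    samples = []
    for f in range(n_frames):
        samples.extend(rolling_shutter_frame(f))
    return samples


def global_shutter_series(n_frames):
    """One value per frame: a time series at only FPS Hz."""
    return [global_shutter_frame(f) for f in range(n_frames)]


def strongest_tone(samples, sample_rate):
    """Frequency and amplitude of the strongest non-DC component (plain DFT, no numpy).

    The DFT magnitude of a pure sinusoid with amplitude A at bin k is A*n/2,
    so scaling by 2/n returns the amplitude directly.
    """
    n = len(samples)
    mean = sum(samples) / n
    centered = [s - mean for s in samples]          # drop the steady glow (DC)
    best_bin, best_amp = 0, 0.0
    for k in range(1, n // 2):
        acc = sum(centered[i] * cmath.exp(-2j * math.pi * k * i / n) for i in range(n))
        amp = 2 * abs(acc) / n
        if amp > best_amp:
            best_bin, best_amp = k, amp
    return best_bin * sample_rate / n, best_amp


def main():
    rolling = rolling_shutter_series(2)            # 2 frames = 1000 row samples
    freq, amp = strongest_tone(rolling, ROW_RATE)
    print(f"rolling shutter: {len(rolling)} samples at {ROW_RATE} Hz, "
          f"strongest tone {freq:.0f} Hz, amplitude {amp:.3f}")

    frames = global_shutter_series(8)
    _, residual = strongest_tone(frames, FPS)
    print(f"frame-rate sampling: {len(frames)} samples at {FPS} Hz, residual amplitude "
          f"{residual:.1e} (2400 Hz is a multiple of {FPS} Hz, so every frame sees the same phase)")


if __name__ == "__main__":
    main()
```

The point of the comparison is the Nyquist limit: at 60 frames per second nothing above 30 Hz can be told apart from a steady or slowly drifting glow, whereas 500 rows per frame raise the usable bandwidth to 15 kHz, which is why the researchers could zoom in on the LED and treat each line of the image as its own measurement.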


Spies with off-the-shelf goods

The fact that cryptographic operations can be read out via the power fluctuations they cause is not new. As early as the Second World War it was noticed that an encryption device produced readable spikes on a nearby oscillograph. Most recently, in 2019 and 2022, side-channel attacks on smart cards and on processors were published, but they only worked with special measurement equipment attached to the target.

This is exactly what the new method makes unnecessary. The possibility of using a security camera is particularly worrying, because many such cameras have long been connected to the Internet. If an attacker manages to take over a camera that has a view of a card terminal, he could in theory use it to recover the card's key.

Hardly practical for everyday attacks

However, there is no reason to fear that this will happen in practice, at least in the near future. The research group's method currently needs very specific conditions to work reliably. To read the card reader's LED correctly, for example, at least 65 minutes of footage in which cards are actively being used is required. For the maximum distance, the lights in the room must also be switched off so that the colour changes of the LED are captured well enough, an unrealistic condition in practice. With the lights on, the distance for usable footage drops to 1.80 meters. In addition, the card readers must be vulnerable to one of the known side-channel attacks. This was the case for all six models tested, but it should be the exception in areas that are particularly security-relevant.

The researchers are of course also aware of the limitations. “One of the key findings of our study is that you don’t have to connect anything to collect data, you don’t have to connect additional hardware,” team leader Ben Nassi told Ars Technica. “No intervention is needed. You can use common devices like a smartphone to launch the attack.”

Over time, the method could be simplified further, and more precise measurements thanks to advances in camera technology are also conceivable. Until then, however, there is still time to implement the countermeasures devised by the researchers. They recommend, for example, that manufacturers avoid power LEDs from which the device's computing activity can be inferred. For users they advise an even simpler protection: covering the LED with opaque adhesive tape.

Sources: study, Ars Technica
