Note to self - don't add flashing LEDs to any security devices
Perhaps not the most practical of attacks, but still an impressive feat.
From a tech perspective, insanely clever to use modern phones rolling shutter mode to sample significantly more data points.
From a "is this going to cause problems for the average person" perspective - not even close. Requires 65 minutes of recorded, stable footage. The camera must be < 6 feet away if the lights are on, and the cryptography algorithm must be running during that magic hour of recording...
It does enable remote attacks, but only if all very specific requirements are met, and it requires you have access to a camera for a long period of time that is perfectly positioned.
sounds like a job for a hacked cam ;)
Yikes! I wonder how isolated the led has to be to the CPU power supply to prevent this sort of attack!
Placing a capacitor in parallel with the LED should be sufficient to prevent it. That would form a low pass filter when combined with the current limiting resistor for the LED.
The attack is not really practical though. The smart card has to be read for 65 minutes while recording the power LED. The cards are normally only read for a fraction of a second.
Note to self - don't add flashing LEDs to any security devices
Perhaps not the most practical of attacks, but still an impressive feat.
From a tech perspective, insanely clever to use modern phones rolling shutter mode to sample significantly more data points.
From a "is this going to cause problems for the average person" perspective - not even close. Requires 65 minutes of recorded, stable footage. The camera must be < 6 feet away if the lights are on, and the cryptography algorithm must be running during that magic hour of recording...
It does enable remote attacks, but only if all very specific requirements are met, and it requires you have access to a camera for a long period of time that is perfectly positioned.
sounds like a job for a hacked cam ;)
Yikes! I wonder how isolated the led has to be to the CPU power supply to prevent this sort of attack!
Placing a capacitor in parallel with the LED should be sufficient to prevent it. That would form a low pass filter when combined with the current limiting resistor for the LED.
The attack is not really practical though. The smart card has to be read for 65 minutes while recording the power LED. The cards are normally only read for a fraction of a second.