Pelican Parts Forums


Paul_Heery 06-14-2023 12:23 AM

Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away
 
Just when you thought certain things were secure, some smart people prove you wrong.

Researchers have devised a novel attack that recovers the secret encryption keys stored in smart cards and smartphones by using cameras in iPhones or commercial surveillance systems to video record power LEDs that show when the card reader or smartphone is turned on.

Full explanation from Ars here: https://arstechnica.com/information-technology/2023/06/hackers-can-steal-cryptographic-keys-by-video-recording-connected-power-leds-60-feet-away/

But, this video done by the researchers explains things simply and clearly.
https://www.youtube.com/embed/ITqBKRZvS3Y

stomachmonkey 06-14-2023 04:57 AM

Cool but something I would lose less than zero sleep over.

masraum 06-14-2023 06:46 AM

That's super cool and impressive. Not going to be an issue against us, but will probably be used by or against govts or possibly companies or maybe very specific targets. Granted, in most circumstances, this is probably one of the harder ways to get access/info.

john70t 06-14-2023 06:55 AM

There are scammers that walk around public places with RFID sniffers for credit cards.

I'm now putting my car keys in a double aluminum fold at night to prevent 'man in middle' unlocking/activation.

My understanding is every car after 2014 with the 'shark fin' antenna has remote tracking with altering vehicle systems/operations.
Not sure why this isn't disclosed and illegal....
It seems like Subaru disabled this, at least in Massachusetts.
https://arstechnica.com/cars/2023/06/feds-tell-automakers-not-to-comply-with-mass-right-to-repair-law/

flatbutt 06-14-2023 03:21 PM

:confused:

Maybe my next degree should be in electronics.

:confused:

Por_sha911 06-14-2023 05:26 PM

Quote:

Originally Posted by flatbutt (Post 12023309)
:confused:
Maybe my next degree should be in electronics.
:confused:

Or certainly the one after that

VenezianBlau 87 06-15-2023 12:21 PM

Wait till AI becomes predictive to the point of causing (or allowing) desired outcomes.

stomachmonkey 06-15-2023 01:20 PM

Quote:

Originally Posted by john70t (Post 12022787)
There are scammers that walk around public places with RFID sniffers for credit cards.

Get Apple Pay.

Use it everywhere you can.

Phone and watch contactless pay is a unique string every single transaction and is only valid for the current transaction.

Won't matter if it's ever sniffable, anything you'd get would be useless before the person walks away from the register.

masraum 06-15-2023 05:07 PM

Quote:

Originally Posted by stomachmonkey (Post 12024047)
Get Apple Pay.

Use it everywhere you can.

Phone and watch contactless pay is a unique string every single transaction and is only valid for the current transaction.

Won't matter if it's ever sniffable, anything you'd get would be useless before the person walks away from the register.

Plus it's so darn easy and convenient. I love it at gas stations, but it's great everywhere that it works.

mjohnson 06-16-2023 01:38 PM

While I'm not any kind of a hacker, nor do I work elsewhere in the business - but when I was doing vulnerability assessments for some "interesting" parts of our US strategic defense stockpile we took a completely unclassified weeklong course from Joe Grand, one of Bunnie Huang's disciples. I'm only a simple country metallurgist by training (i.o.w. not a sparky) but at the end of the week I, and my colleagues, all agreed that we want to go live in a cave somewhere with tinfoil hats and underwear.

That introductory level showed that if you can get "hands-on" you own the device and its data.

About the same time, side-channel was becoming a big deal - but then you had to get close enough to almost get "hands-on" so it seemed to be a cool party trick. Also, typically to do a SS attack there needed to be additional, and unwelcome, software on the data-donor device.

Time moves on, and at least from the Ars article this looks kind of legit and useful in the real world (until somebody discovers black electrical tape). Certainly more so than the whole "OMG they can read your CRT screen (remember those) just from EM emissions". That kind of turned out to be a sham.

stevej37 06-16-2023 01:54 PM

I'm safe!

http://forums.pelicanparts.com/uploa...1686952431.jpg

stomachmonkey 06-16-2023 02:01 PM

Quote:

Originally Posted by john70t (Post 12022787)

My understanding is every car after 2014 with the 'shark fin' antenna has remote tracking with altering vehicle systems/operations.

The shark fin is for OnStar and the term Telematics the article uses refers generically to OnStar and / or embedded cellular hardware.

My Tahoes had their own number and cell plan.

So while technically yes it is “tracking” there is nothing nefarious going on.


All times are GMT -8. The time now is 03:30 AM.
