Power LED Attack - Computerphile

Back in the day, the sound of the drive was a powerful debugging tool for programmers.
You could literally hear a bad sort.

sean_vikoren

Reminds me of the early days, when "transmit" and "receive" status lights were wired directly to those lines, and transmission rates were a lot lower. Data could be intercepted literally just by recording those lights.

DataCabe

Dr. Pound is naturally gifted at explaining things

russell

I worked for IBM Office Products in 1980. Selectric typewriters bound for US embassies had to have a capacitor and a heavy flywheel installed to prevent powerline analysis of the characters being typed.

BatterOrWurst

I was studying cybersecurity in Kyiv Polytechnic. One of the thing they developed in 80s and 90s was a device that can pick up radiation from tube computer monitor and produce near perfect image from another room. This cannot be done with LCD but picking up radiation from computer itself is still valid attack vector (exactly the same principle as mentioned in the video). So there are special radiation blocking boxes that computer should be placed in. They also told us methods of picking up vibrations from window glass to listen to conversations inside. Kinda wish now that I took more of those classes, I was more into math and crypto back then

Gvozd

I saw the paper on this the other day, very cool stuff. I never realized that the rolling shutter meant that a video camera actually captures *more* samples per second than audio recorders at standard audio sample rates. I've always understood that there would be circumstances where electrical leakage could reveal sensitive info, and I've always wondered what precisely was responsible for the flickering of my network switch's LED.. makes sense that these two concepts are related. The missing factor for me was definitely that rolling shutters could give a quick enough sample rate to capture the data needed to do this operation.

Also processing time-based attacks are useful in certain videogame contexts. The one that comes to mind is in Path of Exile, where you can farm certain low percentage things very quickly by paying attention to how long areas take to load: if the area loads quickly, leave and open a new instance of it, because that means none of the additional low-probability things are present; if it takes longer than usual, then the server had to process the generation of those additional things and you should stay in the zone until you find them.

seedmole

To everyone who writes an "Ah, the fix is easy just do this" comment; the problem isn't this specific vulnerability. The problem that this is one of dozens or hundreds of attack vectors into dozens or hundreds of possible algorithms, each made from thousands of lines of code. And each one showing more hard to imagine ways to utilize side channel information. Any one of them is easy to fix, if you are aware of it. And any diligent software or hardware engineer who is qualified to work on cryptography stuff *will* attempt to fix as many of these issues as they are aware of. It's the "being aware" part and the sheer number of possible issues that's the problem.

Pystro

This must explain some readers I've seen which seem to turn off their LED while authenticating. The job of the LED is to advertise to users that the device is powered and working, once cryptography is occurring the LED has already done its job and can be powered off for the brief moment the CPU needs power.

shufflecat

This the Lock Picking Lawyer, and today we’re going to exploit the presence of an LED on this cheap Chinese lock to open it.

Huvada

this is such creative hacking; i love it! using the rolling shutter effect to sacrifice visual resolution for time resolution is just so ingenious

gloverelaxis

Plot twist: The shirt is also a vision-based attack. Your system is now compromised.

/joke, of course

SystemBD

That is neat. A camera makes sense for static analysis. For a more realtime analysis a photo diode can be used and plugged straight into an oscilloscope. I found one with a 200pS response time for $15 on Digikey (part number 1601-C30737MH-230-80A-ND).

seeigecannon

A useful application of flickering lights and rolling shutter would be to modulate room lighting so that, say, if a photograph of a secret document was released, you would know exactly where the picture was taken and be able to narrow down suspects.

threeMetreJim

This specific attack feels like it would be more reasonable to fix in hardware than software.

ReidBallardIII

Wheeeen
grids hit your lens
and your sensor does sense
that's a Moirééééé 😀

oresteszoupanos

Really enjoyed this video. Started watching computerphile in high school and now I’ve graduated university. I thought I had chosen a nice medium from the course page and videos from my two fave which is art and technology. But as the course got further and further away from what I initially enjoyed, I kind of lost my sense of self in my practice but watching this today I remember why I fell in love with this field in the first place!

orange_leaf

The attack is so clever ! From the idea of using the LEDs to using the fact that pixels are not synchronized, it's very bright

allvods

Always a fan of Professor Pound! He's a wonderful explainer

xystem

This reminds me of some work people were doing on generating 3d models using the noises of a 3d printer as it prints.

Antymatters

Adding low-pass filter in form of capacitor will filter out rapid changes in brightness and ruin analysis approach. Also there could be lots of other noise in power signal from power source and converters, other ICs on the same power line, etc. However, the paper gives unusual view angle on hardware, thank you for telling the story, it was interesting to learn of

DmitryKiktenko