Comment by housemusicfan

housemusicfan Jun 13, 2023 parent

Minor detail:

> The video must be captured for 65 minutes, during which the reader must constantly perform the operation.

So not only must you be using a compromised brand of smart card (which number in the low single digits), you have to use a cheap Chinese reader and the camera must be focused on card activity for 65 minutes (which would never happen). You have to compromise the camera first.

It would be more effective to use what I term the "Walter Sobchak method" which is during that 65 minute window you "grab the smart card and beat the PIN out of him".

Xylakant Jun 13, 2023

This attack enables something else: quietly and unobtrusively recovering the private key of the card, effectively cloning it without the owner’s knowledge. It would be interesting to know whether the 65 minutes must be continuous or whether 13 times 5 minutes would be sufficient. The latter may be achievable.

housemusicfan OP Jun 13, 2023

The attack claims to recover the private key of an already known compromised make and model of smart card that is known to have side channel leaking mechanisms. The models of which are known susceptible are in the low single digits. It is not an all purpose attack as the clickbait headline would have you believe.

Xylakant Jun 13, 2023

At the moment, this is a theoretical attack using a known to be broken card. But it’s unlikely that this is the only card that is broken. And attacks only get better, never worse, until the theoretical attack graduates to a practical attack. Spectre and Meltdown were long considered theoretical attacks with no practical implications - until they no longer were.

amluto Jun 13, 2023

As I understand it, serious smart cards have been explicitly designed and audited to resist power monitoring attacks. There are fancy consultants who specialize in this sort of thing, and I think the major players use their services.

Xylakant Jun 13, 2023

In 2018, Lithuania replaced a chunk of their ID cards because of a (theoretical) vulnerability in the esignature. Fancy consultants certainly help, but they’re not an invulnerability potion.

hinkley Jun 13, 2023

Or a camera pointed through a door or a blinded window that gets a few moments here and there over a month long period.

the8472 Jun 13, 2023

It's unlikely that this is the only device in existence that has a power side-channel. And attacks get better with time. There are lots of engineers who go "nah, too many conjunctions, this will NEVER happen" when designing some hardware until reality hits them over the head.

Also, the standard for cryptographic security tends to be "better than brute force". 65 minutes to extract a key is orders of magnitude better.

nocsi Jun 14, 2023

> Also, the standard for cryptographic security tends to be "better than brute force". 65 minutes to extract a key is orders of magnitude better.

That's why certain agencies prioritizing collection over real-time cracking. Collect first, worry about the content later. An adversary just need 65 minutes of footage taken at some point - and we live in an age where there are plenty of devices that can passively capture w/ their cameras.

65 minutes is pretty bad. That's several orders of magnitude less than it takes to crack password hashes.

revolvingocelot Jun 13, 2023

I prefer the term "5 dollar wrench attack" [0], per the relevant xkcd.

[0] https://xkcd.com/538/

kobalsky Jun 13, 2023

that comic is an ugly pimple on computer security's ass that keeps coming back.

there's a massive difference between giving away your keys and being compromised without your knowledge.

not to mention that are ways to secure data in a way that different keys yield different valid results with plausible deniability.

This item has no comments currently.