Xylakant parent
This attack enables something else: quietly and unobtrusively recovering the private key of the card, effectively cloning it without the owner’s knowledge. It would be interesting to know whether the 65 minutes must be continuous or whether 13 times 5 minutes would be sufficient. The latter may be achievable.
The attack claims to recover the private key of an already known compromised make and model of smart card that is known to have side channel leaking mechanisms. The models of which are known susceptible are in the low single digits. It is not an all purpose attack as the clickbait headline would have you believe.
At the moment, this is a theoretical attack using a known to be broken card. But it’s unlikely that this is the only card that is broken. And attacks only get better, never worse, until the theoretical attack graduates to a practical attack. Spectre and Meltdown were long considered theoretical attacks with no practical implications - until they no longer were.
As I understand it, serious smart cards have been explicitly designed and audited to resist power monitoring attacks. There are fancy consultants who specialize in this sort of thing, and I think the major players use their services.