- cross-posted to:
- technology@beehaw.org
- cross-posted to:
- technology@beehaw.org
You must log in or register to comment.
Perhaps not the most practical of attacks, but still an impressive feat.
Note to self - don’t add flashing LEDs to any security devices
Reminds me of LEDs used to extract data out of airgapped networks: https://threatpost.com/blinking-router-leds-leak-data-from-air-gapped-networks/126199/ but different because that one requires software within the airgapped network to exfiltrate.
Didn’t there used to be network equipment that was vulnerable to data exfil from data status lights, or did I dream that up? Most data LEDs now just consistently blink.
Yikes! I wonder how isolated the led has to be to the CPU power supply to prevent this sort of attack!
Placing a capacitor in parallel with the LED should be sufficient to prevent it. That would form a low pass filter when combined with the current limiting resistor for the LED.
The attack is not really practical though. The smart card has to be read for 65 minutes while recording the power LED. The cards are normally only read for a fraction of a second.
