Power LED Attack - Computerphile

Back in the day, the sound of the drive was a powerful debugging tool for programmers.
You could literally hear a bad sort.

Reminds me of the early days, when "transmit" and "receive" status lights were wired directly to those lines, and transmission rates were a lot lower. Data could be intercepted literally just by recording those lights.

I worked for IBM Office Products in 1980. Selectric typewriters bound for US embassies had to have a capacitor and a heavy flywheel installed to prevent powerline analysis of the characters being typed.

Dr. Pound is naturally gifted at explaining things

I was studying cybersecurity in Kyiv Polytechnic. One of the thing they developed in 80s and 90s was a device that can pick up radiation from tube computer monitor and produce near perfect image from another room. This cannot be done with LCD but picking up radiation from computer itself is still valid attack vector (exactly the same principle as mentioned in the video). So there are special radiation blocking boxes that computer should be placed in. They also told us methods of picking up vibrations from window glass to listen to conversations inside. Kinda wish now that I took more of those classes, I was more into math and crypto back then

I saw the paper on this the other day, very cool stuff. I never realized that the rolling shutter meant that a video camera actually captures *more* samples per second than audio recorders at standard audio sample rates. I've always understood that there would be circumstances where electrical leakage could reveal sensitive info, and I've always wondered what precisely was responsible for the flickering of my network switch's LED.. makes sense that these two concepts are related. The missing factor for me was definitely that rolling shutters could give a quick enough sample rate to capture the data needed to do this operation.
Also processing time-based attacks are useful in certain videogame contexts. The one that comes to mind is in Path of Exile, where you can farm certain low percentage things very quickly by paying attention to how long areas take to load: if the area loads quickly, leave and open a new instance of it, because that means none of the additional low-probability things are present; if it takes longer than usual, then the server had to process the generation of those additional things and you should stay in the zone until you find them.

To everyone who writes an "Ah, the fix is easy just do this" comment; the problem isn't this specific vulnerability. The problem that this is one of dozens or hundreds of attack vectors into dozens or hundreds of possible algorithms, each made from thousands of lines of code. And each one showing more hard to imagine ways to utilize side channel information. Any one of them is easy to fix, if you are aware of it. And any diligent software or hardware engineer who is qualified to work on cryptography stuff *will* attempt to fix as many of these issues as they are aware of. It's the "being aware" part and the sheer number of possible issues that's the problem.

Plot twist: The shirt is also a vision-based attack. Your system is now compromised.
/joke, of course

This must explain some readers I've seen which seem to turn off their LED while authenticating. The job of the LED is to advertise to users that the device is powered and working, once cryptography is occurring the LED has already done its job and can be powered off for the brief moment the CPU needs power.

This the Lock Picking Lawyer, and today we’re going to exploit the presence of an LED on this cheap Chinese lock to open it.

this is such creative hacking; i love it! using the rolling shutter effect to sacrifice visual resolution for time resolution is just so ingenious

Wheeeen twooooo....
grids hit your lens
and your sensor does sense
that's a Moirééééé 😀

That is neat. A camera makes sense for static analysis. For a more realtime analysis a photo diode can be used and plugged straight into an oscilloscope. I found one with a 200pS response time for $15 on Digikey (part number 1601-C30737MH-230-80A-ND).

Really enjoyed this video. Started watching computerphile in high school and now I’ve graduated university. I thought I had chosen a nice medium from the course page and videos from my two fave which is art and technology. But as the course got further and further away from what I initially enjoyed, I kind of lost my sense of self in my practice but watching this today I remember why I fell in love with this field in the first place!

Always a fan of Professor Pound! He's a wonderful explainer

This specific attack feels like it would be more reasonable to fix in hardware than software.

A useful application of flickering lights and rolling shutter would be to modulate room lighting so that, say, if a photograph of a secret document was released, you would know exactly where the picture was taken and be able to narrow down suspects.

This reminds me of some work people were doing on generating 3d models using the noises of a 3d printer as it prints.

The attack is so clever ! From the idea of using the LEDs to using the fact that pixels are not synchronized, it's very bright

Loved the shirt! Very trippy.

Adding low-pass filter in form of capacitor will filter out rapid changes in brightness and ruin analysis approach. Also there could be lots of other noise in power signal from power source and converters, other ICs on the same power line, etc. However, the paper gives unusual view angle on hardware, thank you for telling the story, it was interesting to learn of

Finding the actual worst shirt pattern could be a fun video in itself.

My brain exploded from the ingenuity from this paper when I heard the word "rolling shutter", this is peak human ingenuity!

It would suck if someone went through all this effort - making a device to do this analysis, figuring out how to break into the server room... Only for them to find out someone put a capacitor across the LED essentially making this entire attack void.

RF emission may also relate to power consumption, so a simple tranny radio close to the reader may also work.

Great explanation!

The idea of a computer basically announcing "I FOUND A 1!!! I'M GONNA STORE IT SOMEWHERE SUPER SECRET FOR U" is really funny to me

Try a solar cell, small amplifier and speaker, feed the output of the solar panel into the amplifier while pointing the panel at distant car headlights, a lens and enclosure will help to focus the light, you should hear the music that the driver is listening to, the louder they have it the higher the amplitude expressed by their lights. I did this experiment back in the late 1980s with a radioshack solar cell and intercom and a lens while using my own car as the light source the song playing at the time was Boys in town, Divinyls.

Another problem with trying to fix this, is even if the developers of a cryptographic library does take steps to avoid these attacks, they can't always be sure that some consumer of the library won't have something in their toolchain that optimizes away the fix

There are so many attacks like this because you can even end up in situations where the amount of power used is not just based on the number of computations but even the contents of registers etc because a register full of 1s takes more power than one full of zeros

I'm surprised video compression doesn't wreak havoc with this approach.

We were so enthralled by what you had to say that no one noticed the moiré 😊

Really fascinating

Would be interesting if somebody tries to perform this attack on the DNSSEC root key ceremony that is livestreamed to TH-cam. You can actually see the led’s blinking on their HSM when they are putting in their smart cards. Although it is not as zoomed in as the paper suggested.

I would say the shirt is quite thematically appropiate for a video on video-based attacks.

Great video.

I love this magic little hack, with a bit of context, they're basically shouting their secrets.

Just finished another attack vid and this in was in queue, neat.

This is the coolest thing ever!!!

The same group at Ben Gurion University who put out this paper produces quite a lot of research in the same vein. Interesting concepts.

One smoothing capacitor on the LED and the entire attack is all but impossible. Any remaining power fluctuations would be many, many -instructions- operations long. Proper usage in the logic circuitry would also mask it to ridiculously low levels.

A tiny cap between the series resistor and LED would make an effective low-pass filter that would mitigate this. Add a ferrite in series as well to add another tap to the filter.

Wow that was super clever to use the rolling shutter.
As an EE, that means to add more decoupling capacitors to the mcu and led driver circuit. Just one more attack vector to think of

This kind of reminds me of an early chip, the MC6805K1 I used, it only had 512 bytes of flash, so when I wrote some code for it I quickly ran out of space, I ended up with a string of calculations that all got run in a line, one after the other, as there was no room for the conditionals to do otherwise. I just used the results I needed at various times and ignored the others, doing this in a security box as mentioned would help confusing the attackers.
Also many years ago I got a touch close to some gear used by the military for secure comms, it used a shunt mode power supply, so no matter what it was doing it always drew the exact same current, monitoring the power would reveal nothing. They knew all about this one 35+ years ago, so why this modern junk without remidiations known about for like absolute ages.

Well just add artificial noise into the LED so you can easily throw off these attacks!

It's anything but practical. It assumes a lot of things, that the processor does nothing but encryption/decryption all the time or most of the time, that you know what kind of encryption and the specific implementation it uses, that a high resolution, high framerate and a very high zoom camera is available or that you can get into there with a camera of your own and put it right on the led. And by the time you can get close enough with a camera to an led that you can read that leds fluctuation when the device is reading a smart card (seems the only use case for this), you can just yank the card out of that persons hand or something, because you're already suspicious enough. It's interesting, but it's not at all feasible nor practical. It's basically a fun fact.

It's been a long time since I've seen that continuous feed paper, with those perforations on the sides.
Is he still using matrix printers over there?

Reminds me of that side channel attack to an air gapped network using air temperature and ambient air sensors built into the servers.

Super interesting. However, a possible solution for this specific problem is quite easy to get - store both the original value x and the temporary result to an array of 2 (or two registers in assembly). Then on each loop shift the exponent by 1, and extend the LSB to integer to get the index within the array and multiply (no conditional jump required). You will multiply by original number if 0: x * x^t = x^(t+1) or by the temporary result of 1: x^t * x^t = x^(2*t). Not only it is the same number of operations, but uses only one multiplication per loop (but also one additional bitwise-and operation per loop).
Interestingly, there are a lot of problems like this, where writing an algorithm with imperative language, especially using if/else can reveal data to side-channels like the one in this paper, but writing homogeneous implementations (where number of instruction executed on each unit is the same), suitable for the way GPU works avoids this problem.

Could you use one of those wireless amp meters to measure the current itself? No led needed just measure the quiescent current number and compare to every button press.

would you need a different algorithm for that based on if it's in the US or the EU? cause the frequency of the power grid is different so there'd be flickering from that too that you'd need to adjust for no?

last time I worked with hardware was in school but I remember the Routers and switches we used there had 2 flickering lights over every Ethernet port that would flicker if data is transmitted so I was always wondering if they just wired the binary of the data transmitted through the LEDs and if I could read off the package sent by looking at the lights

I've got two ideas off the top of my head to fix this vulnerability, would these work well in practice? I'm aware that more practical approaches have been commented so far but I'm curious whether these are viable at all.
a) for devices like personal computers or servers which usually come with a power led, one could design software that handles cryptographics so that it would also run some junk maths in parallel on another thread because it is typical for these kinds of machines to have more than one core
b) for dedicated small devices like an ATM, or some kind of a peripheral where it could be expected for a cpu to only have a single core, one could design the hardware to accommodate for heightened security because they are expected to handle cryptographics all the time, so it would make sense to put a door in front of the power led and only open it when it is needed to be seen when the machine is repaired, serviced, or under maintenance

So an average gaming computer is just a billboard with your password written all over it 😂

Miele dishwashers don't have anything you can plug a data cable in to: the technician talks to it using blinking LEDs (for logs, status, run counts etc). He uses keeps the reader in place with a magnet.
I think this but if kit is ideal for this attack 😅

Yes, please do a moire pattern video!

This seems like something that while possible in a lab, is impossible in reality. There are many processes running on the hypothetical computer that is performing these computations, and you'd have no way of isolating the processes from a black box perspective. If the attack is just limited to smart card readers, it seems like it's an electrical circuit design problem. Maybe put the led on a capacitor?

"Even I could write that code" That doesn't give me any hope that I could write it Mike! lol

4:52
There are loads of variants of this, including two variants that are in this paper ᵃˡʳᶦᵍʰᵗ
One of the ones in the paper is, how long the signature process takes, for ECC DSA, can divulge, with enough of these, what the secret key is ᵃˡʳᶦᵍʰᵗ
Because basically it informs us of how many leading zeros there are, in the RNG that was used in the signature ᵃˡʳᶦᵍʰᵗ

Power leds used to work different in the old days. (adleast in the Northstar)
It was a led with a RC net work and it is powered from a interupt routine every time interfal.
This would not give a way any internal working and also shows the OS is stil running correct.

So now we are going to get 'secure LEDs' with a capacitor in parallel and a resistor in series? To explain in programming terms, that's functionally a brightness interpolation or low pass filter for led brightness.

The LED are like the different sound that would play when your typed your CC code and the melody played would reveal your code, they got rid of the sound, they can get rid of the LED

Maybe it'll become standard practice to add capacitors to power LEDs to low pass filter these things. I wonder what else you could do to thr circuit to obfuscate the power usage?
Some way to add noise to the led current seems like it'd be useful.

Looking at Mike's hastily wiped whiteboard, I feel like there is a chance of a whiteboard attack.

How is this possible with all the power decoupling happening in electronics?

Programming languages need support for branchless programming: It is not just useful to avoid wrong branch prediction, it is also useful in cryptographic implementations like this exact case of the square multiply algorithm.

Some sort of capacitor would seem to be in order.

Cool video. I started out thinking 'This cannot be done' and ended with 'This is a real issue' ...

I suppose a difficulty with writing code to always do the same thing whatever the input is that general purpose compilers, CPUs, virtual machines etc etc are all engineered to be efficient, meaning if they can detect that code is doing something that provably doesn't affect the "output" (not thinking of side channels as output) they will skip over that code to save time and power.

That's more of an issue with dedicated encryption hardware like smart cards. A modern CPU with let's say 8 cores and hyperthreading is so incredibly noisy that you could never read actual data from it via power consumption. The only thing you can see there are the load insertion and load release transients from really heavy operations like MMX or AVX starting and stopping.

Would adding a large smoothing capacitor to the LED circuit prevent this type of attack?

Surely IRL the server's CPU will be processing multiple threads from different processes at the same time, so unless you know what all those other services/requests are how do you filter it out?
Related(?): I can tell when a compile finishes and whether it was successful from my PC fan.

Every secret leaves a footprint. It is either the. surprise appearance of information, or the surprise lack of information, but a secret is always 'visible'...

The one problem with this is how to know when the processor is processing a crypto task vs something else. CPUs do lots of things besides crypto. Do you just record hours of video then process the data looking for something that resembles a private key?

where do these guys get the printer paper from 1986?

I thought this was going to be about hacking smart devices that had IR receivers on the power LED, but it was way more interesting than I could have expected.

Very interesting.

This is both fascinating and terrifying. But I wonder if it is hard on a hardware level to take care of this. In theory all you have to do is ever so slightly vary the power to the LED continuosly. So that the variance in it's brightness is both random and permanent. Then it is not only harder to tell when the system is doing hard calculations, but it would also scramble the signal on the LED. Maybe an antenna and an operational amplifier could help with that. If the antenna is hooked up to the op-amp. And the op-amp is the last step in the power delivery to the LED, the EM-Field in the area should influence the LED. Should be quite random then.

Brilliant

Amazing, scary but damned interesting.

A lot of photographers will know the problem of using an electronic shutter in a room with LED lighting - depending on the quality of the lighting you can easily get banding in the photo as the rolling shutter makes the the PWM dimming of the LED show up as light and dark bands.
Not great for photos of people at a party - but this is turning it on its head and making the bands the entire point of the photo.

While such an attack is clever, it's less likely to be used "In the wild" so to speak. Of course, its possible when having just physical access to any given device, but then time also can play a big factor as well. Regardless, very interesting.

Power signal analysis as a side channel attack has been a thing for years.

This is insane, I was literally just checking out "Power Analysis Attacks" at the library and now this pops up

No surprise that this is possible in principle, but interesting that a practical implementation was actually demonstrated.
Then again, even things that seem extremely far-fetched can be achieved when an attacker has sufficient motivation and resources!

If a card is read 'flat' just put the LED in the area the card covers to be read, which hides it, and do an audio beep to indicate the card is approved or not. If it is a plug the card in, put the LED under the slot for the card. If it is a slide/swipe, only light an LED if fail or success, not as power on indication.

would love a vid on Moiré patterns and aliasing

Dimming the LED with pulse width modulation will probably mess up this attack rather efficiently, as long as the pulse frequency interferes well enough with the pace of the computations.

I wonder how well some low pass filters in the electronics could do to fix this

just make the LED flicker randomly every time it does something, it both signifies the user that something is indeed happening and it would work around this kinda, unless your random noise generator for the flickering uses the CPU state as input but that's a whole other issue

Power leds are already being used to capture data spesificly the rubber ducky can use the capslock led on the keyboard to gather data

One thing I don’t understand is how an observer would know that the computer is calculating a cryptographic key as opposed to performing some other CPU-intensive operation?

Rich idea thanks

Similarly the noise cooling fans emit leak a lot of data. Fun stuff

Relatedly but maybe more fictional: can you do a video on Van Eck phreaking?

PCI-SIG : You have been told...
PCI-SIG: The 12VHPWR is a side-channel mitigation security feature, never a design flaw.

Hours of research and awesome nerdiness beaten by a decoupling capacitor

Wow!

Desolder the LED. Job done.

This reminds me of Van Eck phreaking and all the delicious paranoia of the Cryptonomicon!