Power LED Side-Channel Attack

This is a clever new side-channel attack:

The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader­—or of an attached peripheral device—­during cryptographic operations. This technique allowed the researchers to pull a 256-bit ECDSA key off the same government-approved smart card used in Minerva. The other allowed the researchers to recover the private SIKE key of a Samsung Galaxy S8 phone by training the camera of an iPhone 13 on the power LED of a USB speaker connected to the handset, in a similar way to how Hertzbleed pulled SIKE keys off Intel and AMD CPUs.

There are lots of limitations:

When the camera is 60 feet away, the room lights must be turned off, but they can be turned on if the surveillance camera is at a distance of about 6 feet. (An attacker can also use an iPhone to record the smart card reader power LED.) The video must be captured for 65 minutes, during which the reader must constantly perform the operation.


The attack assumes there is an existing side channel that leaks power consumption, timing, or other physical manifestations of the device as it performs a cryptographic operation.

So don’t expect this attack to be recovering keys in the real world anytime soon. But, still, really nice work.

More details from the researchers.

Posted on June 19, 2023 at 6:52 AM33 Comments


tom/wh June 19, 2023 8:56 AM

Winter, see section VII, “Countermeasures”. It lists 3 methods: “Using a capacitor” (“the capacitor would behave as a low-pass filter”); “Using an operational amplifier (OPAMP)”; and, of course, “placing black tape over a device’s power LED”.

I think this is more an “improved” attack than a “new” one. Didn’t we see data recovered from modem transmit/receive LEDs like 20 years ago? But I couldn’t easily find a paper, and don’t see it in the references (that section being, incidentally, quite frustrating to read; someone really screwed up the capitalization, leading to stuff like “Rsa” and “ip”).

Joe D June 19, 2023 9:33 AM

If I had seen a movie where a computer was hacked via spying on the power LED, I’d have laughed at it.

I guess I’m just not paranoid enough…

Peter A. June 19, 2023 10:10 AM

Many years ago, still being a student, I got employed by the university’s computing/networking unit as a junior sysadmin along with a few friends (the Rector
decided to rejuvenate the staff, rightly so). The server room had old-fashioned steel frame doors with glass, one of them going out on a publicly accessible corridor
(used to move the equipment in and out). You could see the equipment racks through it,
including the 9600 bps modem that was the window to the world. Painting over the glass
was one of the first activities of our cleaning these Augean stables.

Yeah, one of our pastime between the (mostly) boring university courses was reading
English “spooky” books.

TimH June 19, 2023 10:12 AM

The decoupling on the smart card reader must be terrible for this to work. This approach exploits poor hardware design.

Arclight June 19, 2023 2:02 PM

This attack has been possible with modems, serial terminals and similar devices for a long time. The main issue is that the simplest way to make the TX/RX lights or “Activity” indicator work is to put an LED between the data line and power or ground. This sort of thing become a problem because LEDs can turn on and off very, very fast. They can carry meaningful data that can be recovered if you use a high-speed camera or a photo-diode to capture it.

Clive Robinson June 19, 2023 2:06 PM

@ Winter, Tom/wh,

Re : Electronics and analogue fails.

“Low-pass filtering of the power-LED?”

“Using a capacitor” (“the capacitor would behave as a low-pass filter”); “Using an operational amplifier (OPAMP)”

It’s a bit more complicated than that as it’s a “Power” not “Signal” issue so “a bulk effect”.

In effect when the CPU activity goes up with a security function, the power supply voltage dips in low / minimized cost “Bill Of Materials”(BOM) systems.

Most digital circuits are very “non linear” when operating close to the power supply rails or logic thresholds.

One cause of significant issues is “clamping Diodes” as the effective “signal voltage rises” upto or beyond the “power supply voltage” when it dips, a clamp diode draws more current quite suddenly. Due to inductance, impedence and capacitance of PCB traces the issues spread out across the board into other signal lines and “541t happens”.

If you put a capacitor in the wrong place or in the wrong way, this makes the problem worse not better (as several books on EMC will tell you).

The clamp effect also causes the voltage on the ground circuitry to jump as well getting into other parts of the circuit. Things like Op-Amps “need stable refrences” if they don’t get them then the Op-Amp having incredibly high gain will magnify a microvolt signal significantly and the resulting current draw at the rails and output can be massive in comparison.

Worse because engineers want “low current” / long battery life etc, then that Op-Amp refernce will be via very high value resistors and a capacitor to ground. To an AC signal on the ground that decoupling capacitor will have a very low impedence… Thus couple that ground noise right into the voltage refrence. Thus the input into the Op-Amp will be effectively large enough to cause some circuits to “crash into the end stops” or power supply rails and draw lots of current.

And so it goes on.

The trick is to minimise the rapid movment of charge, and remrmber that much of the circuit is realy not just analogue but differential as well…

Dealing with this properly requires more of, and better quality of, thus more expensive components. Especially capacitors that are often the first target in “BOM reduction” excercises.

Thus the “Bill Of Materials”(BOM) for a “secure system” that would normally be more significantly compared to an “insecure system” gets “hacked back” and what was secure is not anymore…

As has been pointed out repeatedly in the past on this site and many other places “nobody want’s to pay for security” especially when “insecure is so much less expensive”…

So expect to see other “low cost” vulnerabilities to get found, demonstrated, make a little news, and from then on get ignored for a decade, when someone discovers it yet again…

As I point out,

“The ICT industry, especially ICTsec, apparently never learns from even it’s living history, so the same mistakes reappear over and over.”

Phillip June 19, 2023 2:20 PM

Ah; original source, this one. Awesome. Incidentally, I had not seen Hertzbleed, specifically. Important to get to the heart of the matter. Next, active emitter lens filtering for forward secrecy? To never emit to some truth.

Clive Robinson June 19, 2023 3:07 PM

@ Arclight,

Re : Speed of detection

“They can carry meaningful data that can be recovered if you use a high-speed camera or a photo-diode to capture it.”

Or even a “photo-multiplier tube”.

Back some years ago –end of last century– over at Cambridge Computer labs I think it was Markus Kuhn who took a telescope, connected a photo-multiplier, and pointed it out a window. By using the light reflected of a painted office wall in an adjacent building, recovered enough information from the “rising edge” effect of the computer display.

This gave rise to the design of TEMPEST “soft fonts” for which there is an FAQ,

Soft Tempest – Frequently Asked Questions


Chelloveck June 19, 2023 4:15 PM

@TimH “This approach exploits poor hardware design.” Ah, I see you’re already familiar with the motto of the Side-Channel Attack club…

lurker June 19, 2023 4:42 PM

@Clive Robinson, All

When I saw the first comment on the Squid thread, I thought that would be an unlikely attack on a tungsten filament behind a di/refracting glass bezel. So this is not so much

“the ICT industry not learning from its history”

as it grasping at shiny new trinkets (led panel lights) without stopping to ask

“are there any possible downsides?”

And yes I know the Germans were using tungsten filaments in a wireless battlefield telephone in WW2.

Clive Robinson June 19, 2023 4:56 PM

@ Joe D, ALL,

Re : Paranoia is all in the observers mind.

“I guess I’m just not paranoid enough…”

Maybe, maybe not, we are “creatures of our environment” part of which is what our peers say or imply about us…

Back in the 1970’s and 1980’s by just a little of what our host @Bruce used to call “hinky thinking” I worked out so many ways to attack “systems” it got to the point where I could not look at anything without working out one or more often many ways to abuse it to advantage.

This was mostly not “computer systems” but everyday systems such as how you as an employee could safely take expensive stock items out of a supermarket by exploiting the disposal of packing waste.

How to fake fingerprints, and more importantly beat most standard forensic systems tests.

Being able to easily see how things could be used to harm people, I became more cautious in what I did, after all if I could work it out so could others…

My caution was so much so, that people for several decades accused me of being paranoid or a conspiracy nut… Even those who payed me a lot of money for sophisticated systems I developed to do surveillance, still thought I was paranoid…

On one occasion my sense of what I see as caution stopped me suffering from a nasty fate… The then UK Prime Minister had personaly decided I should suffer[1] for her convenience and profit… (do I need repeat the old saying about power and corruption?).

So yes whilst I’ve sailed close to the wind many times, I’ve always done it in ways that were not going to come back to haunt me.

Others who at the time thought my behaviours were paranoid were not as cautious… Now most of what I was doing four decades in the name of caution, is now considered the minimum you should be doing in self protection. As for those others in some cases they ended up wishing they had been as paranoid / cautious as I was…

The sad thing is they could see what I could see and I’d tell them what I saw as the implications of it. They however thought nobody would do such things thus found out the hard way that asking,

“Why would anybody do that?”

Was the wrong question, and the one they should have been asking was,

“Why wouldn’t somebody make benifit / profit from doing that?”

So, just a difference in outlook nothing more, between those thinking you are “paranoid”, and others thinking you are “dead meat, let’s eat”…

Remember the stories of Idi Amin “having a Hamburger for dinner” where the rest of the man from Hamburg ended up in the freezer…

There realy are those claiming to be “Nigerian Generals” and similar who will eat you alive if they can[3]…

[1] I’ve talked about it before but simply the state owned “British Telecom”(BT) had been not just incompetent but lied about it in the press. I could prove they were lying and wrote an article to be published on BT Prestel about it. I received several increasingly insistant invitations to “demonstrate” in front of BT personnel… As I’d written up the instructions quite clearly I became deeply suspicious. A legal friend and likewise my boss at the time both said I should ask for a written contract and payment in advance to see if they would bite[2]… When told that’s the minimum I would agree to they stoped “inviting”. A short while later a couple of people I knew who I warned thought I was paranoid so got arressted for “fraud” after demonstrating an even worse security fault with BT Prestel. Well I got told fairly recently that “Cabinate papers” showed that “Mad Maggie” wanted me thrown into prison, because she was selling off BT and wanted nothing to effect the share price… Hence the “bring me his head” order…

[2] My legal friend explained their reasoning, which was none of the invitations had been either direct or in writing, so if BT’s intent was honest, they would haggle over money and terms in writting. If however BT had ulterior motives, then they would know a contract and received payment would cover me in any potential legal action civil or criminal. The fact they stopped immediately after it was raised without any haggling gave their game away, so I simply walked away and chalked it up to experience.

[3] The “magic” of cannibalism is little different than in the belief in rhino horn and similar. The idea is that if you take in part of a powerfull animal or person then you gain their mystical strengths, vigor, vitality and even youth or other desird trait if accompanied by the right spell. Actually there is no cure for that sort of madness, or the one that follows the practice. Even though there is clear medical evidence of prion disease resulting, thus actual brain rotting madness of CJD etc, people believe what they want, not what is true,


Ted June 19, 2023 5:49 PM

The video must be captured for 65 minutes, during which the reader must constantly perform the operation.

The software had to trigger 10,500 sign operations to recover the ECDSA key. The next paper I need to read is “The curse of ECDSA nonces.”😊

The researchers set up some meticulous experiments to learn how to interpret LED signals recorded with everyday devices.

I wonder how quickly they’d be able to adapt their research to new vulnerability in a cryptographic library.

Clive Robinson June 19, 2023 5:54 PM

@ lurker,

“I thought that would be an unlikely attack on a tungsten filament”


I’ve used tungsten filament bulbs to send audio signals across sizable distances.

The light intensity of any filament bulb over a small range responds quite rapidly over an upto 10% output from the brightest setting.

Yes it’s quite nonlinear but it works.

At much lower tempratures the resistive characteristics of a filament bulb can make it very usefull in Oscilator and Amplifier circuits for “amplitude limiting / stabalising”,


Such filament bulbs are still actively being researched,


It was not just Wien and similar oscilators that used filament bulbs. Teleprinter circuits had filament limiters that you could see the light intensity change on as trafic got sent. Which is why those for military use had metal as opposed to glass envelopes, which made “fault testing” harder as an 80-0-80 line might not have much current but sure had “wake the dead” kick.

Mexaly June 19, 2023 8:07 PM

It was impossible only until it was hard.
It will be hard only until it is easy.
Thus it has been and shall always be.

Jon June 20, 2023 12:26 AM

Smoothing is not actually going to solve your problem, although it will make life more difficult for the observer. Even smoothed data will show a change in derivative every time the input changes.

Better ideas include things like “injecting garbage”: Having your LED flicker in random ways;

Or “removing data” – Imagine a power LED that flickers on a 5% duty cycle – for 95% of the time it won’t transmit any information at all. Make the flicker on-time shorter than the processing time, and the attacker will never get the whole thing. That’s also plenty fast enough to look like a solid light to any human being.

Similar tricks could be used on TX/RX LEDs, if they merely indicate the first bit of the frame (or even the pre-amble) and no more.


Erdem Memisyazici June 20, 2023 1:30 AM

These scientists spent so much time trying to figure out whether or not they could they forgot to ask whether they should.

I thought the same way for a while and realized there is no stopping dedicated hackers to protect your privacy without first losing your privacy to another team which also somewhat defeats the purpose if they aren’t lawbound to be arrested upon failure.

Not everyone wants to live like a security researcher.

In my opinion we need better baseline technical measures and policy. I saw a laptop you can’t easily open and is shielded from EM interference fairly well used by a security researcher and wondered why aren’t all laptops made that way?

If an evil maid needs solvents to get into my laptop that makes me feel better. Simple screen filters that block the field of view of the monitor could also be baseline and polarized screenfilters aren’t that expensive last I checked.

I’d love to see a computer/phone commercial bragging about real security features rather than showing me a computer generated underground bunker safe and a giant padlock to sell me on the feeling instead.

lurker June 20, 2023 2:48 AM

@Erdem Memisyazici
[mitigating features] “aren’t that expensive last I checked.”

“Aren’t that expensive” is a subjective variable, subject that is to the free market, where many people would like their stuff if not for free, then at least for the minimum price. Will there be enough people willing to pay for those features to make it worthwhile for somebody to actually build and sell them? I suspect the answer in general is no. Sure you have seen some examples in the field, but those are priced well beyond average commercial units, and are used by security gurus. For the rest of us, I am reminded of Alfred E Neuman (Mad Comics): “What, me worry?”

Clive Robinson June 20, 2023 3:38 AM

@ Mexaly, Erdem Memisyazici, ALL,

“Thus it has been and shall always be.”

That is the consequence of,

1, The physical laws of the universe.
2, The intangible laws of mathmatics.
3, Humans being human.

The first alows “the drip” the second makes “the puddle” which alows “the dam” to be built then burst…

“Not everyone wants to live like a security researcher.”

Nor do most wish to live as saints or hermits with vows of poverty and chastity.

Which means at some point they will all do something that can be used against them, even if it’s to just shame them in the public eye for profit.

But as with “Witchhunts” of old any indiscretion no matter how lawfull could get used to “burn you”. Because there is an evil above all others that lives within us, we call it “Public Opinion”. It is “a beast that has to be fed” and “once roused can only be saited by blood”. If denied it’s feast, “it will turn on any at hand”. Such is the nature of blood sports and righteous ferver.

It’s the reason we have the rule “Innocent untill proven guilty” and in the British legal systems various laws to prevent “trial by media”, which is oh so common in the US.

A few days ago the murders of four students in Moscow Idaho were mentioned here because of a technical surveillance activity that effects all mobile phone users.

The thing is the information is confused and may not even be usable let alone admissable as even circumstantial evidence.

But we could talk about it because as court records show, a US lawfirm representing US MSM without regard to victims their families, friends or others, got a court issued reporting ban lifted. All so the MSM could start a highly profitable feeding frenzy under the pretence of “The public have the right to know”. Now “armchair detectives” are leaping out of couch potato existances to grab their keyboards and mobile phones to try to grab five minuties of fame at someone’s expense.

But you can see the unstated official “US Attitude” with,

‘”Everyone wants answers… we want to give those answers as soon as we can,” Moscow Police Chief James Fry told ABC News on Wednesday, adding that some details must be withheld to protect the investigation.’

Note only “to protect the investigation”… not victims, friends, family or any others that get fingers pointed at them by anyone with a finger to point. People whos lives are being destroyed by “The hysteria for profit” of repeated “Media Circus Trials” before anyone gets credible evidence against them presented in a lawful trial. Which of course will be tainted because all the jury members will have been tainted by the MSM feeding frenzy at some point.

Now of course all those Databases on and behind the Internet will “forever hold” not just all the names, but addressess, education and work histories. Your name and mine will get linked and be found by a search… But studies have shown that around 4 out of 5 of those records contain false information, let alone incorrect or misleading information.

How will we be effected in the future by that?

We don’t know, nor can we, and society is in no way ready for this “new world” where we have no defence even against things that are provably not true.

So if you don’t want “to live like a security researcher” saint or hermit, what actually needs to change is not the technology, but society, it’s mores, morals, ethics, legislation, and regulation.

I started to see the issue four decades ago and did “live like a security researcher” in some respects and got called paranoid or a conspiracy theory believer… The fact I pointed out that “The laws of physics alowed” and that “Human nature would likewise alow” did not change their minds…

Now people are increasingly starting to live more stringently than I did, are they paranoid or cautious?

I will say that by now it should be clear for all who chose to look to see,

“Technology will always be used for harm unless society dictates otherwise, not accepting this is sleepwalking into a trap.”

Clive Robinson June 20, 2023 4:06 AM

@ Ted,

Re : Is your probability even?

“The next paper I need to read is “The curse of ECDSA nonces.”;-)”

Ah the “n word”[1] for the strange concept of “a random number used once”… That is “don’t put the ball back in the urn after drawing it”.

But how do you achieve it? when there are not enough grains of sand on Earth to use each as a numbered ball and get even close to the number needed for security…

There are to many eyes, simple ways, but under test all of them fail. It actually is a game for which complexity via determanism realy is required in quite some depth.

Perhaps as the next subject, but with more than reading just one paper 😉

Our host @Bruce has written atleast a book on the subject and he is by no means the only one…

[1] The word has atleast two meanings in the UK, the most prevelent is not the “random number used once” but as the purjative for someone who is undesirably attracted to children for gratification. Thus as a word it gets put in quite a few “Not Suitable For Work” watch lists, as well as making this web page disappear in “great firewalls” operated by conniving service providers at the behest of disreputable politicians on the make and worse.

John Tillotson June 20, 2023 9:06 AM

OK, so a strip of electrical tape to cover up any LEDs on security-sensitive systems is necessary as part of the Blue Team toolkit.

Got it.

Leon Theremin June 20, 2023 10:07 AM

@John Tillotson

There will be no computing freedom until the silicon trojans embedded in all US designed CPUs are removed.

If you want freedom, you will have to ensure that no unseen radiation is enabling remote control of your devices.

Ask me anything about BadBIOS and hardware trojans.

Winter June 20, 2023 10:42 AM

@Leon Theremin

There will be no computing freedom until the silicon trojans embedded in all US designed CPUs are removed.

Do not discount all other countries doing the same. So you will have to burn your own RISC-V CPUs in your own foundry. And diverse cross compile all your compilers [1].

Not sure there will be time left to do anything useful.

[1] ‘https://dwheeler.com/trusting-trust/

modem phonemes June 20, 2023 11:28 AM

@ Winter @Leon Theremin

The hardware side is fraught. E.g.,

Analog Malicious Hardware

“Researchers have built a proof-of-concept processor that uses secretly stored electrical charge to trigger an ultra-stealthy backdoor.

And now imagine that silicon backdoor is invisible not only to the computer’s software, but even to the chip’s designer, who has no idea that it was added by the chip’s manufacturer …”



Clive Robinson June 20, 2023 11:30 AM

John Tillotson, ALL,

Re : Tape

“so a strip of electrical tape to cover up any LEDs…”

First of as I note above this is a “bulk effect” from the power supply and CPU load when doing intense crypto and similar activities.

So keep in mind “it’s a power supply issue” so will effect the whole circuit.

Thus three things to consider,

1, Is it the only LED?
2, Can you see other LEDs that are not “visable light”?
3, At what frequencies are the plastic case and tape transparent?

But it’s a “bulk effect” so it’s,not just LED’s you have to think about.

Transistors like FETs are often used for high current load switching. They will heat up and cool down quite rapidly if “surface mount” and could give a “trigger signal” for timing. Thus you hqve to consider “thermal imaging” as well.

Other parts of the circuit will generate RF that will radiate from the case. The type of oscillator used for the CPU will be “cheap and nasty” as will the oscillator circuit, as neither frequency stability or tank energy will be part of the design requirments.

So when the power voltage changes the frequency will change as either Frequency or Phase modulation, and it’s radiated level will change.

All of which can be picked up by a less than 50USD software defined receiver connected to a laptop or even Pi Zero or similar “Gum Stick” “Single Board Computer”(SBC) to be “data logged” then forwareded by WiFi or similar.

You can make a unit to do this increadibly easily… Heck first year studebts at the Technion Institute in Hafa had their “Pitta Bread” design back a decade or more ago. Based on ideas from MGK in Cambridge labs from a decade prior. Have a look at,


It will make interesting back ground reading. Any Blue or Red team member who does not know the contents and implications of that paper, realy should not be “playing” at being a security person of any worth these days… It’s not as though I’ve not been waving a flag saying “learn it, play with it, use it with intent” for the past decade here and other places.

But something every one should know from basic physics.

All materials have an EM frequency response. Thus they will exhibit all sorts of changes as,

“You go from DC to daylight and beyond.”

That is absorbtion, reflection and conduction all vary with frequency. If you use a material that is transparent at a frequency your device generates then you have a “side channel” through which information can haemorrhage.

Secondly many electrical devices are “Transducers” that is they convert energy from one form to another. Inductors for instance make “transformers”, but as they do work they are “inefficient” and energy gets conducted or radiated out of them. As anyone who worked with the design and use of “Switch Mode Power Supplies”(SMPSU) back last century will know it’s not just EM energy they transmit, the coils move in sympathy so they generate mechanical energy in exactly the same way your Hi Fi speakers do… Thus any change in the power supply will be broadcast as sound as well. Mostly these days it’s up above the hearing range of humans and other mammals so we don’t think about it.

As a security engineer you have to be not just aware of it but design to minimise it. Few that have not had that “TEMPEST / EmSec” oh so super secret –only in the US– course are actively aware of it. That’s even though it can degrade product lifetimes significantly (by causing “material fatigue” that “work hardens” then causes “micro fracturing” that then turns into full fractures and broken conductors and similar).

The key things to note about TEMPEST / EmSec with regards “compromising emmissions” are,

1, Bandwidth
2, Energy
3, Information types
4, Modulation / impressing

If people don’t know why then they need to read a good book on EMC backed by a first year graduate book on basic physics, and mathmatics.

I could go on apparently endlessly on the subject such as noting,

1, Information Systems are transparent.
2, Information Systems are not segregated.

Thus as Matt Blaze and students demonstrated back in 2005 that the naff little microcontroler in your Keyboard can send data to the Internet or other network connected device and you just will not see it unless you know what you are looking for. Have a look at the JitterBugs paper,


Have fun.

Winter June 20, 2023 11:44 AM


And now imagine that silicon backdoor is invisible not only to the computer’s software, but even to the chip’s designer, who has no idea that it was added by the chip’s manufacturer …”

The old Trusted Trust attack is back again, but now includes hardware.

Clive Robinson June 20, 2023 4:08 PM

@ modem phonems, Leon Theremin, Winter,

“Analog Malicious Hardware”

A hardware vulnerabilty as you described is not new.

It has been described along with several other chip production vulnerabilities by @RobertT on this blog oh getting on for a decade back.

He @Nick_P and @figureitout had several chats over around a year off and on.

The upshot is few chip designers these days actually design functional blocks, they mainly hook up macros from the chip manufacturer or an external contractor.

An example of this is the SoC systems the likes of Broadcom make for mobile phones. They do not have the inhouse teams to do all the macros so they “buy in” the most notable part is the ARM CPU’s RAM and FlashROM etc. As I understand it from overhearing other people Broadcom have some propriatory radio systems macros and like NVIDA some proprietory video systems.

But even when the chip “tape-out” is finished by the designers, other tracks and logic get put in often by the chip manufacturer so they can “test”. So a backdoor or similar could be put in there.

The trick though is to not trigger the software checking on the chip layout, often this is proprietory to the actual FAB based on what their individual systems can or can not do.

@RobertT described how to hide certain types of via and couple signals from trace to trace etc so even quite experienced designers would not find things.

He also considered what should be “back doored” and considered pulling out the “carry bit” as likely being the most useful.

Any way search this site for his handle and have a read.

ResearcherZero June 21, 2023 12:14 AM

“In the end, it’s a matter of trust, whether you actually trust this vendor and its components with all your sensitive data.”

“These kinds of microcontrollers are a black box to me and every other researcher trying to understand how this device is working.”

Hualan’s Initio chips are used in encrypted storage devices as so-called bridge controllers, sitting between the USB connection in a storage device and memory chips or a magnetic disk to encrypt and decrypt data on a USB thumbdrive or external hard drive.

Security researchers’ teardowns have shown that storage device manufacturers including Lenovo, Western Digital, Verbatim, and Zalman have all at times used encryption chips sold by Initio.

But three lesser-known hard drive manufacturers, in particular, also integrate the Initio chips and list Western government, military, and intelligence agencies as customers.


Clive Robinson June 21, 2023 5:09 AM

@ ResearcherZero, ALL,

Re : OMG it’s Chinese it must be bad.

“Hualan’s Initio chips are used in encrypted storage devices as so-called bridge controllers, sitting between the USB connection in a storage device and memory chips or a magnetic disk to encrypt and decrypt data on a USB thumbdrive or external hard drive.”

Yes they are low end chips designed primarily for consumer and commercial use to “protect data at rest” against “unknowledgable attackers” threat model.

That is once powered down to loose active KeyMat, provide protection to a level suitable for “compliance” against casual theft and accidental loss and more serious theft by insiders and some data ransoming attackers.

Using them in millitary / Diplomatic / Government work where secrecy against knowledgable and well resourced –level/type III– adversaries is not what they’ve been designed for.

If you want to know who’s realy to blaim for these chips look no further than US Politicians…

The US via the NSA had various secure data product designs for all usage levels. However they were, “clunky to use”, “took for ever to obtain”, “half a decade or more behind COTS equipment”, and worst of all “Eye wateringly expensive” not just for the kit but all the extra auditing etc for “standard” KeyMat handling.

So the politico’s did a “Small Government” trick and said Government at all levels had to buy “Consumer Of The Shelf”(COTS) equipment…

“Hurrar another win for US style Capitalism.”

Only it was not, the US lost it’s native ability to provide the required level of security devices to foreign mass market manufacturers… As any fool with half a brain and an ounce of common sense would have realised… (but that was not the plan anyway, the plan was to put tax money in certain pockets by “outsorcing supply, service and maintainence”).

But how to “cover it up”… Well if you’ve not got native supply you’ve two basic choices,

1, Go without.
2, Get non-native supply.

As the first option was not possible for a whole heap of reasons. The second option had to be used.

For a time the devices used came from ZTE (Chinese Telecoms company). But for face saving reasons as with 5G and Huawei (Chinese Telcoms company) the politicians started banging the war drum as “wrap yourself in the flag” morons often do.

What were they trying to hide?

Well AT&T in very intimate relationships with not just the NSA and US Military, but other companies such as Boeing that were intimate with the NSA and US Military.

And the fact that the NSA and US Military had via MOST major US electronics and communications manufacturers put in backdoors and overrides… And sent them to every country in the world where they could…

It’s not a matter of suspicion they were caught red handed. Worse it became public and the response from China was quite mild mannered in comparison to the usual US noise and nonsense. China passed a couple of anti-espionage laws and started phasing US equipment out of finance and telecoms…

So when you read of a company,

“specifically flagged in warnings from the US Department of Commerce for its ties to the Chinese military”

ALL and I do mean ALL US tech companies have as strong if not stronger ties to the US Military and US SigInt etc agencies… So if you are not in the US,

“WARNING – All US tech companies are linked with US Military and US Espionage activities – DO NOT Purchase.”

So a question of which Country is going to do you more harm?

Well the simple answer is “The US have been repeatedly and publically caught out” other nations have not… What that realy means is,

Don’t trust any tech companies they all work with their Nations Millitary and Espionage Entities

So what to do?

The answer is “mitigate” as I’ve detailed in the past…

The first being the question,

“What is the business reason for this to be externally accessable?”

If the answer is –as is usually the case– none, then start at the top of the stack by segregating it entirely (that includes the users).

Then move down to the bottom of the stack and work on storage at rest security

For instance using RAID you can spread data “bytewise” across multiple encrypting drives. The RAID array can have it’s data fed through an “Inline Media Encryptor”.

Which whilst great for “Data at rest” is usless security wise when in use. Which was why the “segregate” step was first. Can you improve on this?

Yes you go back to the top of the stack where you have individual encryption for users and user groups on servers.

You keep alternating “top of the stack” and “bottom of the stack” working towards the middle.

Yes it’s a pain to setup and manage, but providing you “shop with care” all the pieces of the puzzle will be from different suppliers and supply chains. So an attacker ranging from your own National Government to any other entity will not have all the pieces needed…

So if you are playing technology wise against a level/type III adversary they will just take it to a different more physical level such as an overnight “black bag job” on the premises, till they exhaust all the technical hacks… Then they will as the XKCD cartoon has it, just go for the $5 wrench option on key employees or their loved ones.

Can you mitigate all of this, short answer is “probably yes” will you miss something in your mitigations again “probably yes”.

Which is why there are other options beyond the “technical” and “physical” security ones.

What you are trying to protect is “information” which means you also have “informational security” as well as technical and physical security available to you.

Whilst encryption is using information to secure information, it’s viewed as a “technical security” solution. But there are others steganographic systems hide information within information. Many think of it as being the “poor man cousin” to encryption it’s not.

The “One Time Pad”(OTP), gives “Perfect Secrecy” and nearly everyone jumps to the wrong conclusion that it’s “unbreakable” it’s not as history has repeatedly shown (KeyMan incorrectly implemented and administered).

The promise of the OTP is only,

“All plaintexts of the same length or shorter than the ciphertext are equiprobable”

From this comes a whole series of possibilities other security techniques such as most encryption systems do not offer.

An adversary faced with multiple choices they can not differentiate –ie all equiprobable– has lost before they have started. All they can hope to do is try to come up with some “differentiator test” usually by some statistical correlation.

The same works equally well for steganographic and other “informational security” systems.

It also gives something that can be more valuable when the adversary goes down the $5 wrench or other attack the wetware route, “Deniability”.

Such systems go back into the 1800’s at least. You come up with an “indicator system” that the 1st party (Alice) uses to tell the 2nd party (Bob) in a communications system if a piece of text within a message is valid or not. During WWII a variation of this were known as “Duress codes” or just message “check codes” so an agent behind the lines could indicate if they had been caprured and thus what they were sending was being pushed by the enemy. The physical equivalent is having two keys that will unlock a door but one of them in the unlock process will set off a “silent alarm” so the intruders will be stopped.

The research areas of “Equiprobable” and “Deniability” are shall we say very under represented in the accademic and non governmental domains, which is something that needs to be changed.

Jon June 22, 2023 3:06 AM

@ Clive Robinson

“All plaintexts of the same length or shorter than the ciphertext are equiprobable”

Which I have always noted leads to a very interesting possibility:

Given target Alice has encrypted data, and Bob has access to that and some incriminating data (of equal or shorter length), it’s trivial for Bob to construct a one-time pad that “decrypts” Alice’s data into the incriminating data, thus Bob can “help” law enforcement by providing the “key” – thus framing Alice.


Clive Robinson June 22, 2023 8:01 AM

@ Jon, ALL,

Re : Bob’s a snitch.

‘thus Bob can “help” law enforcement by providing the “key” – thus framing Alice.’

You’ve got half of it…

Alice provides the original key and the possability of “framing” is shown.

But what if Bob is being “honest” with the authorities and gives them the real key?

All Alice has to do generate a real key and a second key that turns her original “dangerous message” into a “safe message”. Thus she has deniability.

It’s an important concept which you only get with OTP type ciphers where the “unicity distance” is open ended. The reality of AES and all symetric ciphers in common use is that trying to create a “deniable key” is practically impossible if Alice’s message is longer than around 40bits of actual information…

So yes whilst OTP type systems do have real world disadvantages they also have real world advantages that other encryption systems do not have.

I mentioned the other day,


that the paper,


the AI Stenography was based on had issues.

One of which is the claim for “perfect secrecy” well it actually does not have that… Because of my interest in “deniabilty” just looking at the drawing of the way the system worked told me the paper had flaws…

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.