Hertzbleed is a new side-channel attack that works against a variety of microprocessors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit. The team discovered that … Read More “Hertzbleed: A New Side-Channel Attack” »
Month: June 2022
From a restaurant in Singapore. It’s not actually giant squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
We’ve always known that phones—and the people carrying them—can be uniquely identified from their Bluetooth signatures, and that we need security techniques to prevent that. This new research shows that that’s not enough. Computer scientists at the University of California San Diego proved in a study published May 24 that minute imperfections in phones caused … Read More “Tracking People via Bluetooth on Their Phones” »
Interesting research: “Sponge Examples: Energy-Latency Attacks on Neural Networks”: Abstract: The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs. While such devices enable us to train large-scale neural networks in datacenters and deploy them on edge devices, their designers’ focus so far … Read More “Attacking the Performance of Machine Learning Systems” »
This is a new vulnerability against Apple’s M1 chip. Researchers say that it is unpatchable. Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows that pointer authentication can be defeated without leaving … Read More “M1 Chip Vulnerability” »
ENCSecurity markets a file encryption system, and it’s used by SanDisk, Sony, Lexar, and probably others. Despite it using AES as its algorithm, its implementation is flawed in multiple ways—and breakable. The moral is, as it always is, that implementing cryptography securely is hard. Don’t roll your own anything if you can help it. … Read More “Cryptanalysis of ENCSecurity’s Encryption Implementation” »
Neat video. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Twitter was fined $150 million for using phone numbers and email addresses collected for two-factor authentication for ad targeting.
Interesting article about civilians using smartphones to assist their militaries in wartime, and how that blurs the important legal distinction between combatants and non-combatants: The principle of distinction between the two roles is a critical cornerstone of international humanitarian law—the law of armed conflict, codified by decades of customs and laws such as the Geneva … Read More “Smartphones and Civilians in Wartime” »
People are leaking classified military information on discussion boards for the video game War Thunder to win arguments—repeatedly.