hardware – SSL and internet security news

Hardware Vulnerability in Apple’s M-Series Chips

March 28, 2024 infossl

apple, encryption, hardware, Security technology, side-channel attacks, Uncategorized

It’s yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, … Read More “Hardware Vulnerability in Apple’s M-Series Chips” »

Successful Hack of Time-Triggered Ethernet

November 18, 2022 infossl

cyberattack, embedded systems, hardware, Security technology, spoofing, Uncategorized

Time-triggered Ethernet (TTE) is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality. Researchers have defeated it: On Tuesday, researchers published findings that, for the first time, break TTE’s isolation guarantees. The result is PCspooF, an attack that allows a single non-critical device connected to a single … Read More “Successful Hack of Time-Triggered Ethernet” »

M1 Chip Vulnerability

June 15, 2022 infossl

academic papers, apple, cybersecurity, hardware, malware, Security technology, Uncategorized, vulnerabilities

This is a new vulnerability against Apple’s M1 chip. Researchers say that it is unpatchable. Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows that pointer authentication can be defeated without leaving … Read More “M1 Chip Vulnerability” »

Testing Faraday Cages

December 3, 2021 infossl

hardware, iphone, Security technology, Uncategorized

Matt Blaze tested a variety of Faraday cages for phones, both commercial and homemade. The bottom line: A quick and likely reliable “go/no go test” can be done with an Apple AirTag and an iPhone: drop the AirTag in the bag under test, and see if the phone can locate it and activate its alarm … Read More “Testing Faraday Cages” »

New Rowhammer Technique

November 19, 2021 infossl

hardware, Security technology, side-channel attacks, Uncategorized

Rowhammer is an attack technique involving accessing — that’s “hammering” — rows of bits in memory, millions of times per second, with the intent of causing bits in neighboring rows to flip. This is a side-channel attack, and the result can be all sorts of mayhem. Well, there is a new enhancement: All previous Rowhammer … Read More “New Rowhammer Technique” »

New Spectre-Like Attacks

May 5, 2021 infossl

academic papers, hardware, patching, Security technology, Uncategorized, vulnerabilities

There’s new research that demonstrates security vulnerabilities in all of the AMD and Intel chips with micro-op caches, including the ones that were specifically engineered to be resistant to the Spectre/Meltdown attacks of three years ago. Details: The new line of attacks exploits the micro-op cache: an on-chip structure that speeds up computing by storing … Read More “New Spectre-Like Attacks” »

Router Security

February 19, 2021 infossl

hardware, Internet of Things, linux, mitigation, patching, reports, Security technology, Uncategorized, vulnerabilities

This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices. However, many routers are powered by very old versions of … Read More “Router Security” »

Securing the International IoT Supply Chain

July 1, 2020 infossl

academicpapers, cybersecurity, hardware, internetofthings, Security technology, securitypolicies, supplychain

Together with Nate Kim (former student) and Trey Herr (Atlantic Council Cyber Statecraft Initiative), I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries? And our solution is: enforce the … Read More “Securing the International IoT Supply Chain” »

Another Intel Speculative Execution Vulnerability

June 11, 2020 infossl

exploits, hacking, hardware, intel, keys, Security technology, sidechannelattacks, vulnerabilities

Remember Spectre and Meltdown? Back in early 2018, I wrote: Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data. Now that they — and the research into the Intel ME vulnerability — have shown researchers where to look, more is coming — and what they’ll find will be worse … Read More “Another Intel Speculative Execution Vulnerability” »

Used Tesla Components Contain Personal Information

May 8, 2020 infossl

cars, dataloss, dataretention, hardware, identification, internetofthings, leaks, Security technology

Used Tesla components, sold on eBay, still contain personal information, even after a factory reset. This is a decades-old problem. It’s a problem with used hard drives. It’s a problem with used photocopiers and printers. It will be a problem with IoT devices. It’ll be a problem with everything, until we decide that data deletion … Read More “Used Tesla Components Contain Personal Information” »