Back in October, Bloomberg reported that China has managed to install backdoors into server equipment that ended up in networks belonging to — among others — Apple and Amazon. Pretty much everybody has denied it (including the US DHS and the UK NCSC). Bloomberg has stood by its story — and is still standing by … Read More “That Bloomberg Supply-Chain-Hack Story” »
Category: hardware
Auto Added by WPeMatico
Back in January, we learned about a class of vulnerabilities against microprocessors that leverages various performance and efficiency shortcuts for attack. I wrote that the first two attacks would be just the start: It shouldn’t be surprising that microprocessor designers have been building insecure hardware for 20 years. What’s surprising is that it took 20 … Read More “More Spectre/Meltdown-Like Attacks” »
Interesting research: “Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)“: Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. In reality, we found that many hardware implementations have … Read More “Security of Solid-State-Drive Encryption” »
I’ve blogged twice about the Bloomberg story that China bugged Supermicro networking equipment destined to the US. We still don’t know if the story is true, although I am increasingly skeptical because of the lack of corroborating evidence to emerge. We don’t know anything more, but this is the most comprehensive rebuttal of the story … Read More “More on the Supermicro Spying Story” »
Bloomberg has another story about hardware surveillance implants in equipment made in China. This implant is different from the one Bloomberg reported on last week. That story has been denied by pretty much everyone else, but Bloomberg is sticking by its story and its sources. (I linked to other commentary and analysis here.) Again, I … Read More “Another Bloomberg Story about Supply-Chain Hardware Attacks from China” »
If someone has physical access to your locked — but still running — computer, they can probably break the hard drive’s encryption. This is a “cold boot” attack, and one we thought solved. We have not: To carry out the attack, the F-Secure researchers first sought a way to defeat the the industry-standard cold boot … Read More “New Variants of Cold-Boot Attack” »
Another speculative-execution attack against Intel’s SGX. At a high level, SGX is a new feature in modern Intel CPUs which allows computers to protect users’ data even if the entire system falls under the attacker’s control. While it was previously believed that SGX is resilient to speculative execution attacks (such as Meltdown and Spectre), Foreshadow … Read More “Speculation Attack Against Intel’s SGX” »
We don’t know if this is error or deliberate action, but five backdoors have been discovered already this year. Powered by WPeMatico
Playing a sound over the speakers can cause computers to crash and possibly even physically damage the hard drive. Academic paper. Powered by WPeMatico
Google and Microsoft researchers have disclosed another Spectre-like CPU side-channel vulnerability, called “Speculative Store Bypass.” Like the others, the fix will slow the CPU down. The German tech site Heise reports that more are coming. I’m not surprised. Writing about Spectre and Meltdown in January, I predicted that we’ll be seeing a lot more of … Read More “Another Spectre-Like CPU Vulnerability” »