Category: side-channel attacks

Auto Added by WPeMatico

YubiKey Side-Channel Attack

Posted on By infossl
academic papers, cloning, security analysis, Security technology, security tokens, side-channel attacks, Uncategorized

There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack, requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment. Still, nice piece of security analysis. Powered by WPeMatico

New Attack Against Self-Driving Car AI

Posted on By infossl
academic papers, artificial intelligence, cars, cyberattack, Security technology, side-channel attacks, Uncategorized

This is another attack that convinces the AI to ignore road signs: Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line depending on the time between the … Read More “New Attack Against Self-Driving Car AI” »

Hardware Vulnerability in Apple’s M-Series Chips

Posted on By infossl
apple, encryption, hardware, Security technology, side-channel attacks, Uncategorized

It’s yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, … Read More “Hardware Vulnerability in Apple’s M-Series Chips” »

Side Channels Are Common

Posted on By infossl
academic papers, Security technology, sensors, side-channel attacks, Uncategorized

Really interesting research: “Lend Me Your Ear: Passive Remote Physical Side Channels on PCs.” Abstract: We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often conveyed by supposedly-benign channels such as audio recordings and common Voice-over-IP applications, even after lossy compression. … Read More “Side Channels Are Common” »

Using Machine Learning to Detect Keystrokes

Posted on By infossl
machine learning, Security technology, side-channel attacks, smartphones, Uncategorized

Researchers have trained a ML model to detect keystrokes by sound with 95% accuracy. “A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards” Abstract: With recent developments in deep learning, the ubiquity of microphones and the rise in online services via personal devices, acoustic side channel attacks present a greater threat to keyboards than … Read More “Using Machine Learning to Detect Keystrokes” »

Side-Channel Attack against CRYSTALS-Kyber

Posted on By infossl
academic papers, cryptography, encryption, machine learning, quantum computing, quantum cryptography, Security technology, side-channel attacks, Uncategorized

CRYSTALS-Kyber is one of the public-key algorithms currently recommended by NIST as part of its post-quantum cryptography standardization process. Researchers have just published a side-channel attack—using power consumption—against an implementation of the algorithm that was supposed to be resistant against that sort of attack. The algorithm is not “broken” or “cracked”—despite headlines to the contrary—this … Read More “Side-Channel Attack against CRYSTALS-Kyber” »

Security Analysis of Threema

Posted on By infossl
academic papers, authentication, cryptanalysis, encryption, Security technology, side-channel attacks, threat models, Uncategorized, vulnerabilities

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models. As one example, we present a … Read More “Security Analysis of Threema” »

Recovering Smartphone Voice from the Accelerometer

Posted on By infossl
academic papers, eavesdropping, Security technology, side-channel attacks, smartphones, Uncategorized

Yet another smartphone side-channel attack: “EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers“: Abstract: Eavesdropping from the user’s smartphone is a well-known threat to the user’s safety and privacy. Existing studies show that loudspeaker reverberation can inject speech into motion sensor readings, leading to speech eavesdropping. While more devastating attacks … Read More “Recovering Smartphone Voice from the Accelerometer” »

Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses

Posted on By infossl
academic papers, Security technology, side-channel attacks, Uncategorized, videoconferencing

Okay, it’s an obscure threat. But people are researching it: Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam.” That corresponds to 28 pt, a font size … Read More “Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses” »

Hertzbleed: A New Side-Channel Attack

Posted on By infossl
cryptography, keys, Security technology, side-channel attacks, Uncategorized

Hertzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit. The team discovered that … Read More “Hertzbleed: A New Side-Channel Attack” »