Category: sidechannelattacks

Auto Added by WPeMatico

Recovering Keyboard Inputs through Thermal Imaging

Posted on By infossl
academicpapers, passwords, Security technology, sidechannelattacks

Researchers at the University of California, Irvine, are able to recover user passwords by way of thermal imaging. The tech is pretty straightforward, but it’s interesting to think about the types of scenarios in which it might be pulled off. Abstract: As a warm-blooded mammalian species, we humans routinely leave thermal residues on various objects … Read More “Recovering Keyboard Inputs through Thermal Imaging” »

Another Spectre-Like CPU Vulnerability

Posted on By infossl
hardware, intel, microsoft, Security technology, sidechannelattacks, vulnerabilities

Google and Microsoft researchers have disclosed another Spectre-like CPU side-channel vulnerability, called “Speculative Store Bypass.” Like the others, the fix will slow the CPU down. The German tech site Heise reports that more are coming. I’m not surprised. Writing about Spectre and Meltdown in January, I predicted that we’ll be seeing a lot more of … Read More “Another Spectre-Like CPU Vulnerability” »

Another Branch Prediction Attack

Posted on By infossl
academicpapers, hardware, intel, Security technology, sidechannelattacks, vulnerabilities

When Spectre and Meltdown were first announced earlier this year, pretty much everyone predicted that there would be many more attacks targeting branch prediction in microprocessors. Here’s another one: In the new attack, an attacker primes the PHT and running branch instructions so that the PHT will always assume a particular branch is taken or … Read More “Another Branch Prediction Attack” »

Jumping Air Gaps

Posted on By infossl
airgaps, breaches, cybersecurity, Security technology, sidechannelattacks

Nice profile of Mordechai Guri, who researches a variety of clever ways to steal data over air-gapped computers. Guri and his fellow Ben-Gurion researchers have shown, for instance, that it’s possible to trick a fully offline computer into leaking data to another nearby device via the noise its internal fan generates, by changing air temperatures … Read More “Jumping Air Gaps” »

Spectre and Meltdown Attacks

Posted on By infossl
cloudcomputing, hardware, intel, patching, Security technology, sidechannelattacks

After a week or so of rumors, everyone is now reporting about the Spectre and Meltdown attacks against pretty much every modern processor out there. These are side-channel attacks where one process can spy on other processes. They affect computers where an untrusted browser window can execute code, phones that have multiple apps running at … Read More “Spectre and Meltdown Attacks” »

Stealing Browsing History Using Your Phone’s Ambient Light Sensor

Posted on By infossl
academicpapers, phones, privacy, Security technology, securityengineering, sensors, sidechannelattacks

There has been a flurry of research into using the various sensors on your phone to steal data in surprising ways. Here’s another: using the phone’s ambient light sensor to detect what’s on the screen. It’s a proof of concept, but the paper’s general conclusions are correct: There is a lesson here that designing specifications … Read More “Stealing Browsing History Using Your Phone’s Ambient Light Sensor” »

Jumping Air Gaps with Blinking Lights and Drones

Posted on By infossl
academicpapers, airgaps, drones, hacking, movieplotthreats, Security technology, sidechannelattacks

Researchers have demonstrated how a malicious piece of software in an air-gapped computer can communicate with a nearby drone using a blinking LED on the computer. I have mixed feelings about research like this. On the one hand, it’s pretty cool. On the other hand, there’s not really anything new or novel, and it’s kind … Read More “Jumping Air Gaps with Blinking Lights and Drones” »

Twofish Power Analysis Attack

Posted on By infossl
academicpapers, cryptanalysis, cryptography, encryption, Security technology, sidechannelattacks, twofish

New paper: “A Simple Power Analysis Attack on the Twofish Key Schedule.” This shouldn’t be a surprise; these attacks are devastating if you don’t take steps to mitigate them. The general issue is if an attacker has physical control of the computer performing the encryption, it is very hard to secure the encryption inside the … Read More “Twofish Power Analysis Attack” »

Using Wi-Fi to Detect Hand Motions and Steal Passwords

Posted on By infossl
academicpapers, cellphones, hacking, passwords, Security technology, sidechannelattacks, wifi

This is impressive research: “When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals“: Abstract: In this study, we present WindTalker, a novel and practical keystroke inference framework that allows an attacker to infer the sensitive keystrokes on a mobile device through WiFi-based side-channel information. WindTalker is motivated from the observation that … Read More “Using Wi-Fi to Detect Hand Motions and Steal Passwords” »