Hot Topics

side-channel attacks

Hardware Vulnerability in Apple’s M-Series Chips

| | Apple, encryption, hardware, side-channel attacks, Uncategorized
It’s yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access ...
Schneier on Security

ChatGPT Plugin Security Vulnerabilities Exploited By Hackers

| | AI Assistants, ChatGPT, Cyber Threats, Cybersecurity, Cybersecurity News, Data breaches, digital security, Encryption Protocols, Hackers, OAuth Workflow, Penetration Testing, Plugin Security, security measures, side-channel attacks, Vulnerabilities, Zero-click Attacks
In the realm of cybersecurity, constant vigilance is paramount as threat actors perpetually seek novel ways to exploit vulnerabilities. Recent research has shed light on a concerning trend: the potential misuse of ...
TuxCare
A man stares at you while holding up his right index finger

‘PrintListener’ Attack on Fingerprint Readers — Can You Trust Biometrics?🤞

| | biometric, biometric authentication, biometric data, Biometric Data Abuse, biometric identification, biometric identity, biometric security, biometrics, biometrics authentication, Biometrics-Based Authentication, digital biometrics, digital fingerprint, Fingerprint Scanners, fingerprint scanning, Fingerprint Sensor Vulnerabilities, fingerprint sensors, fingerprints, PrintListener, SB Blogwatch, Side-Channel, side-channel attack, side-channel attacks, sidechannelattacks, touchless fingerprint
Mic Check: Researchers reconstruct your fingerprint by listening to you swipe ...
Security Boulevard

Side Channels Are Common

| | academic papers, sensors, side-channel attacks, Uncategorized
Really interesting research: “Lend Me Your Ear: Passive Remote Physical Side Channels on PCs.” Abstract: We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ...
Schneier on Security

Power LED Side-Channel Attack

| | cameras, cryptography, keys, side-channel attacks, Uncategorized
This is a clever new side-channel attack: The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader­—or of an attached ...
Schneier on Security

Security Analysis of Threema

| | academic papers, Authentication, cryptanalysis, encryption, side-channel attacks, threat models, Uncategorized, Vulnerabilities
A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users ...
Schneier on Security

Recovering Smartphone Voice from the Accelerometer

| | academic papers, eavesdropping, side-channel attacks, smartphones, Uncategorized
Yet another smartphone side-channel attack: “EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers“: Abstract: Eavesdropping from the user’s smartphone is a well-known threat to the user’s safety ...
Schneier on Security

Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses

| | academic papers, side-channel attacks, Uncategorized, videoconferencing
Okay, it’s an obscure threat. But people are researching it: Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent ...
Schneier on Security

New Browser De-anonymization Technique

| | Browsers, de-anonymization, Privacy, side-channel attacks, Uncategorized
Researchers have a new way to de-anonymize browser users, by correlating their behavior on one account with their behavior on another: The findings, which NJIT researchers will present at the Usenix Security ...
Schneier on Security

Hertzbleed: A New Side-Channel Attack

| | cryptography, keys, side-channel attacks, Uncategorized
Hertzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring ...
Schneier on Security
Load more

Secure Guardrails