February 16, 2024 at 05:33PM The collaborative paper by researchers from OpenAI, Cambridge University, Harvard University, and University of Toronto offers “exploratory” ideas to regulate AI chips and hardware. Suggestions include measuring and auditing advanced AI systems and enforcing policies to prevent abuse. However, industry resistance to security features impacting AI performance is expected. Ideas … Read more
February 7, 2024 at 10:40AM A recent YouTube video demonstrated how a Raspberry Pi Pico can exploit a vulnerability to access a BitLocker-secured device in under a minute. The technique involves intercepting the unencrypted key passed between the TPM and CPU, using affordable components. While Microsoft acknowledges such attacks, mitigations can be implemented through the … Read more
December 28, 2023 at 10:54AM Kaspersky’s GReAT team uncovered a hidden iPhone feature, exploited through CVE-2023-38606, allowing attackers to evade memory protection. The issue affected iPhones on iOS up to 16.6 and may have been for testing or debugging. The team’s thorough analysis revealed a sophisticated attack vector, demonstrating how even advanced hardware protection can … Read more
December 28, 2023 at 06:42AM The Operation Triangulation spyware targeting Apple iOS devices utilized unprecedented exploits to bypass hardware-based security. The sophisticated attack, active since 2019, used four zero-day flaws to gain access to iOS devices and gather sensitive information. Patches were released by Apple, with 20 zero-days resolved this year. A particular vulnerability, CVE-2023-38606, … Read more
December 20, 2023 at 08:27PM The perpetual battle between IT security improvements and evolving attacker exploits has traditionally focused on software advancements. However, emerging hardware security technologies, particularly advanced instruction set architecture (ISA) extensions, have the potential to revolutionize IT security. Collaborative open-source efforts are driving progress in this area and will play a crucial … Read more
December 20, 2023 at 08:19PM Evolution of IT security presents a dynamic battleground between software sophistication and hardware advancements. While software remains the primary focus, emerging hardware technologies, such as advanced instruction set architecture (ISA) extensions, promise groundbreaking contributions to IT security capabilities. Open source technologies, like Capability Hardware Enhanced RISC Instructions (CHERI), exemplify the … Read more
December 9, 2023 at 07:12AM Researchers from Vrije Universiteit Amsterdam disclosed a new side-channel attack called SLAM, exploiting a feature in Intel, AMD, and Arm CPUs. The exploit, an end-to-end Spectre-based attack, allows leakage of sensitive data from kernel memory. Intel, AMD, and Arm are working on mitigations, while existing and future CPUs are affected. … Read more
November 22, 2023 at 05:39PM Researchers have discovered vulnerabilities in Windows Hello’s fingerprint authentication system that allow hackers to bypass the security and login as someone else. The team found flaws in the communication between the software and hardware components of laptops using fingerprint sensors from Goodix, Synaptics, and ELAN. The vulnerabilities vary across different … Read more