September 10, 2024 at 07:39AM PIXHELL, a new side-channel attack, targets air-gapped computers by exploiting the “audio gap” to exfiltrate sensitive data using the noise generated by the screen pixels. The attack doesn’t require specialized audio hardware and could bypass air-gapping security measures. Countermeasures include acoustic jammers and monitoring for unusual signals. From the meeting … Read more
September 8, 2024 at 01:10AM A new side-channel attack called “RAMBO” uses electromagnetic radiation from a device’s RAM to transmit data from air-gapped computers, potentially breaching their security. Based on the meeting notes, it appears that the discussion pertains to a new side-channel attack called “RAMBO” (Radiation of Air-gapped Memory Bus for Offense). This attack … Read more
September 4, 2024 at 08:36AM NinjaLab demonstrated the Eucleak attack, exploiting a vulnerability in third-party cryptographic libraries to clone YubiKey hardware authentication devices. The attack requires physical access and equipment to extract the cryptographic key, but Yubico has issued a security advisory and implemented firmware updates to mitigate the issue. Infineon is also working on … Read more
July 3, 2024 at 10:33AM Researchers at UCSD have developed a new method, called “Indirector,” to execute Spectre-like side channel attacks on high-end Intel CPUs. This technique exploits the speculative execution feature to redirect a program’s control flow, potentially leaking sensitive data. The attack works on various generations of Intel CPUs and poses challenges for … Read more
July 2, 2024 at 07:07AM Modern Intel CPUs like Raptor Lake and Alder Lake are vulnerable to a new side-channel attack named “Indirector.” The attack exploits weaknesses in Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB) to leak sensitive information. Mitigations include using Indirect Branch Predictor Barrier (IBPB) more aggressively and hardening the Branch … Read more
June 28, 2024 at 06:45AM Security researchers from Graz University of Technology have revealed a new side-channel attack, SnailLoad, capable of remotely inferring a user’s web activity. By exploiting network latency, the attack allows attackers to deduce websites visited or videos watched without needing to be in physical proximity to the victim’s Wi-Fi connection. Additionally, … Read more
June 24, 2024 at 12:25PM Researchers from Graz University of Technology have discovered a new method, SnailLoad, which enables remote attackers to infer websites and content viewed by a user without direct access to their network traffic. The attack is efficient and does not require a person-in-the-middle position or code execution on the victim’s system. … Read more
March 22, 2024 at 11:07AM The “GoFetch” attack targets modern Apple M-series CPUs’ constant-time cryptographic implementations, allowing it to steal secret cryptographic keys from the CPU’s cache. The attack, developed by researchers in the U.S., cannot be fixed in affected CPUs. Mitigating it with software patches would reduce cryptographic performance. Apple owners should practice safe … Read more
March 22, 2024 at 07:54AM A team of US researchers revealed a new side-channel attack named GoFetch, targeting Apple CPUs to extract secret encryption keys. By exploiting a hardware optimization, they inferred keys through specially crafted inputs and demonstrated successful attacks on various cryptographic implementations. The findings were reported to Apple and other developers for … Read more
March 17, 2024 at 10:25AM Researchers have developed a new acoustic side-channel attack on keyboards, capable of deducing user input based on typing patterns, even in noisy environments. The method achieves a 43% average success rate and doesn’t require controlled recording conditions. However, it may be less effective for those with inconsistent typing patterns or … Read more