Security News

Sustainable aviation fuels made from sources other than fossil fuels have the potential to reduce emissions by up to 80 percent, UK researchers have found. Boffins from the National Centre for Atmospheric Science and the University of Manchester testing various blends of traditional jet fuel and SAF said preliminary data shows that airline travel might not such a guilty trip over pollution due to more efficient engine controls.

In a preprint paper, "One Protocol to Rule Them All? On Securing Interoperable Messaging," University of Cambridge doctoral candidate Jenny Blessing and security engineering professor Ross Anderson observe that the DMA is now law in Europe and messaging gatekeepers will need to comply, though it won't be easy. "Designing a system capable of securely encrypting and decrypting messages and associated data across different service providers raises many thorny questions and practical implementation compromises," they say in their paper.

Boffins based in China and the UK have devised a telecom network attack that can expose call metadata during VoLTE/VoNR conversations. Researchers Zishuai Cheng and Baojiang Cui, with the Beijing University of Posts and Telecommunications, and Mihai Ordean, Flavio Garcia, and Dominik Rys, with the University of Birmingham, have found a way to access encrypted call metadata - VoLTE activity logs that describe call times, duration, and direction for mobile network conversations.

Scientists from the National University of Singapore and Yonsei University in the Republic of Korea have developed a device for verifying whether your laptop microphone is secretly recording your conversations. The mic-monitoring gadget is described in an ArXiv paper titled, "TickTock: Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals."

Computer scientists at North Carolina State University have put one of its tools to the test by evaluating software package registries npm and PyPI using OpenSSF Scorecards. In a preprint paper distributed via ArXiv, NCSU researchers Nusrat Zahan, Parth Kanakiya, Brian Hambleton, Shohanuzzaman Shohan, and Laurie Williams applied the OpenSSF Scorecard to software packages within npm and PyPI in order to see what security practices could be identified among the developers using those registries.

Infosec boffins have released a tool to decrypt and unpack the microcode for a class of low-power Intel CPUs, opening up a way to look at how the chipmaker has implemented various security fixes and features as well as things like virtualization. Published Monday on GitHub, the Intel Microcode Decryptor is a collection of three Python scripts users can execute to decode the microcode - including the SGX XuCode - of certain Atom, Pentium, and Celeron CPUs based on Intel's Goldmont and Goldmont Plus microarchitectures.

Silk could become a means of authentication and unbreakable encryption, according to South Korean boffins. Silk can take on this role, as explained in Nature Communications, because security boffins are increasingly interested in "Physical unclonable functions" - physical objects whose properties are impossible to replicate.

Recent model smartphones can be smarter still about finding hidden cameras in their vicinity, if they take advantage of time-of-flight sensors. Sriram Sami, Bangjie Sun, and Sean Rui Xiang Tan, from National University of Singapore, and Jun Han from Yonsei University, describe how this might be done in a paper [PDF] titled "LAPD: Hidden Spy Camera Detection using Smartphone Time-of-Flight Sensors".

Computer scientists at TU Dresden in Germany have found that AMD's Zen processor family is vulnerable to a data-bothering Meltdown-like attack after all. In a paper [PDF] titled "Transient Execution of Non-Canonical Accesses," released via ArXiv, Saidgani Musaev and Christof Fetzer analyzed AMD Zen+ and Zen 2 chips - namely the Epyc 7262, Ryzen 7 2700X, and the Threadripper 2990WX - and found that they were able to adversely manipulate the operation of the CPU cores.

"We solve something that had previously been thought impossible - achieving location privacy in mobile networks," said Paul Schmitt, an associate research scholar at the Center for Information Technology Policy at Princeton University, told The Register. In "Pretty Good Phone Privacy," [PDF] a paper scheduled to be presented on Thursday at the Usenix Security Symposium, Schmitt and Barath Raghavan, assistant professor of computer science at the University of Southern California, describe a way to re-engineer the mobile network software stack so that it doesn't betray the location of mobile network customers.