Security News

Boffins trick AI model into giving up its secrets
2024-12-18 15:30

All it took to make an Google Edge TPU give up model hyperparameters was specific hardware, a novel attack technique … and several days Computer scientists from North Carolina State University...

The fix for BGP's weaknesses has big, scary, issues of its own, boffins find
2024-10-02 06:31

Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works The Resource Public Key Infrastructure (RPKI) protocol has...

British boffins say aircraft could fly on trash, cutting pollution debt by 80%
2023-10-17 07:30

Sustainable aviation fuels made from sources other than fossil fuels have the potential to reduce emissions by up to 80 percent, UK researchers have found. Boffins from the National Centre for Atmospheric Science and the University of Manchester testing various blends of traditional jet fuel and SAF said preliminary data shows that airline travel might not such a guilty trip over pollution due to more efficient engine controls.

EU mandated messaging platform love-in is easier said than done: Cambridge boffins
2023-03-29 14:28

In a preprint paper, "One Protocol to Rule Them All? On Securing Interoperable Messaging," University of Cambridge doctoral candidate Jenny Blessing and security engineering professor Ross Anderson observe that the DMA is now law in Europe and messaging gatekeepers will need to comply, though it won't be easy. "Designing a system capable of securely encrypting and decrypting messages and associated data across different service providers raises many thorny questions and practical implementation compromises," they say in their paper.

Privacy on the line: Boffins break VoLTE phone security
2023-01-11 01:58

Boffins based in China and the UK have devised a telecom network attack that can expose call metadata during VoLTE/VoNR conversations. Researchers Zishuai Cheng and Baojiang Cui, with the Beijing University of Posts and Telecommunications, and Mihai Ordean, Flavio Garcia, and Dominik Rys, with the University of Birmingham, have found a way to access encrypted call metadata - VoLTE activity logs that describe call times, duration, and direction for mobile network conversations.

Boffins build microphone safety kit to detect eavesdroppers
2022-09-12 07:30

Scientists from the National University of Singapore and Yonsei University in the Republic of Korea have developed a device for verifying whether your laptop microphone is secretly recording your conversations. The mic-monitoring gadget is described in an ArXiv paper titled, "TickTock: Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals."

Boffins rate npm and PyPI package security and it's not good
2022-08-11 00:54

Computer scientists at North Carolina State University have put one of its tools to the test by evaluating software package registries npm and PyPI using OpenSSF Scorecards. In a preprint paper distributed via ArXiv, NCSU researchers Nusrat Zahan, Parth Kanakiya, Brian Hambleton, Shohanuzzaman Shohan, and Laurie Williams applied the OpenSSF Scorecard to software packages within npm and PyPI in order to see what security practices could be identified among the developers using those registries.

Boffins release tool to decrypt Intel microcode. Have at it, x86 giant says
2022-07-20 19:59

Infosec boffins have released a tool to decrypt and unpack the microcode for a class of low-power Intel CPUs, opening up a way to look at how the chipmaker has implemented various security fixes and features as well as things like virtualization. Published Monday on GitHub, the Intel Microcode Decryptor is a collection of three Python scripts users can execute to decode the microcode - including the SGX XuCode - of certain Atom, Pentium, and Celeron CPUs based on Intel's Goldmont and Goldmont Plus microarchitectures.

Silk could tie up all-but-unbreakable encryption, say South Korean boffins
2022-01-28 05:31

Silk could become a means of authentication and unbreakable encryption, according to South Korean boffins. Silk can take on this role, as explained in Nature Communications, because security boffins are increasingly interested in "Physical unclonable functions" - physical objects whose properties are impossible to replicate.

Boffins find way to use a standard smartphone to find hidden spy cams
2021-11-18 22:43

Recent model smartphones can be smarter still about finding hidden cameras in their vicinity, if they take advantage of time-of-flight sensors. Sriram Sami, Bangjie Sun, and Sean Rui Xiang Tan, from National University of Singapore, and Jun Han from Yonsei University, describe how this might be done in a paper [PDF] titled "LAPD: Hidden Spy Camera Detection using Smartphone Time-of-Flight Sensors".