Security News
Boffins find if you torture AMD Zen+, Zen 2 CPUs enough, they are vulnerable to Meltdown-like attack
Computer scientists at TU Dresden in Germany have found that AMD's Zen processor family is vulnerable to a data-bothering Meltdown-like attack after all. In a paper [PDF] titled "Transient Execution of Non-Canonical Accesses," released via ArXiv, Saidgani Musaev and Christof Fetzer analyzed AMD Zen+ and Zen 2 chips - namely the Epyc 7262, Ryzen 7 2700X, and the Threadripper 2990WX - and found that they were able to adversely manipulate the operation of the CPU cores.
"We solve something that had previously been thought impossible - achieving location privacy in mobile networks," Paul Schmitt, an associate research scholar at the Center for Information Technology Policy at Princeton University, told The Register. In "Pretty Good Phone Privacy," [PDF] a paper scheduled to be presented on Thursday at the Usenix Security Symposium, Schmitt and Barath Raghavan, assistant professor of computer science at the University of Southern California, describe a way to re-engineer the mobile network software stack so that it doesn't betray the location of mobile network customers.
Researchers at the Columbia University School of Engineering and Applied Science have showcased two new approaches to providing computers with memory protection without sacrificing performance - and they're being implemented in silicon by the US Air Force Research Lab. Take the Spectre and Meltdown families of vulnerabilities, for example: speculative execution frameworks added to improve performance have turned into a boon for ne'er-do-wells looking to access secrets hidden in supposedly protected memory regions.
A pair of techniques to surreptitiously alter the content of certified PDFs have been detailed by researchers in Germany. Using certified PDFs is increasingly common in business.
A trio of researchers from China have found that QUIC is more vulnerable to web fingerprinting than HTTPS, a shortcoming that could make it easier for an adversary to infer which websites an individual is visiting by scrutinizing network traffic. Google developed QUIC to solve issues like these and the protocol is being worked on in parallel by the Internet Engineering Task Force as a standard.
By running a survey on whether infosec bods think the Common Vulnerability Scoring System is a useful tool for assessing security flaws, Dr Zinaida Benenson of Friedrich-Alexander Universität Erlangen-Nürnberg's IT Security Infrastructure Lab in Germany hopes to further the infosec world's understanding of how reliable the system really is. While the survey hopes to gain up to 300 respondents, Benenson was coy about precisely what she's hoping to prove or disprove, but she did drop The Register a hint about the current state of CVSS scoring.
In a paper titled "Real-World ADS-B signal recognition based on Radio Frequency Fingerprinting," three Chinese researchers describe what they said was a method of identifying unique transmitters fitted to aircraft - regardless of what identity code the equipment is broadcasting. ADS-B transmitters work by broadcasting the aircraft's GPS location along with a unique identifier, issued by the registering country's authorities.
Voatz, the maker of a blockchain-based mobile election voting app pilloried for poor security earlier this year, has urged the US Supreme Court not to change the 1986 Computer Fraud and Abuse Act, a law that critics say inhibits security research because it's overly broad. The app maker filed an amicus brief [PDF] on Thursday in Van Buren v. United States in support of the US government, which seeks to uphold the 2017 conviction of former Georgia police officer Nathan Van Buren under the CFAA. Van Buren was convicted of violating the CFAA for conducting a computer search for a license plate number. Coincidentally, its app was slammed in February by computer scientists for a variety of security flaws.
The paper presents "SpiKey, a novel attack that utilizes a smartphone microphone to capture the sound of key insertion/withdrawal to infer the shape of the key, i.e., cut depths that form the 'secret' of the key, solely by the captured acoustic signal." The researchers explained that there will be more than one "candidate key" rather than a single one that fits the pattern, but that in the case of the particular six-pin key analysed, "SpiKey guarantees reducing more than 94 per cent of keys to less than 10 candidate keys," with three candidates being "the most frequent case".
Some of the boffins who in 2018 disclosed the data-leaking speculative-execution flaws known as Spectre and Meltdown today contend that attempts to extinguish the Foreshadow variant have missed the mark. In a paper slated to be distributed through ArXiv today, Martin Schwarzl, Thomas Schuster, and Daniel Gruss with Graz University of Technology, and Michael Schwarz, with the Helmholtz Center for Information Security, reveal the computer science world has misunderstood the microarchitectural flaw that enables Foreshadow, which can be exploited by malware or a rogue user on a vulnerable system to extract data from supposedly protected areas of memory - such as Intel SGX enclaves, and operating-system kernel and hypervisor addresses.