Security News

Stick a fork in SGX, it's done: Intel's cloud-server security defeated by $30 chip and electrical shenanigans
2020-11-14 10:13

Plundervolt is a software-based attack on recent Intel processors running SGX enclaves that lowers the voltage to induce faults or errors that allow the recovery of secrets like encryption keys. Half the point of SGX is to protect sensitive code and data from rogue server administrators when said servers are out of reach and in someone else's data center - such as a cloud provider's - and yet it is possible for someone at a cloud provider with physical access to a box to jolt an Intel processor into breaking its SGX protections.

Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips
2020-10-14 15:45

One such feature is called Intel Total Memory Encryption, which Intel said helps ensure that all memory accessed from the CPU is encrypted - such as customer credentials, encryption keys and other IP or personal information on the external memory bus. The Intel Platform Firmware Resilience will be part of the Xeon Scalable platform, which Intel claims will help protect against platform firmware attacks by detecting them before they can compromise or disable the machine.

Apple's T2 custom secure boot chip is not only insecure, it cannot be fixed without replacing the silicon
2020-10-08 11:04

Apple's T2 security chip is insecure and cannot be fixed, a group of security researchers report. Over the past three years, a handful of hackers have delved into the inner workings of the custom silicon, fitted inside recent Macs, and found that they can use an exploit developed for iPhone jailbreaking, checkm8, in conjunction with a memory controller vulnerability known as blackbird, to compromise the T2 on macOS computers.

OpenFive and AnalogX announce optimized Chip-to-Chip interface IP solutions
2020-10-06 23:45

OpenFive along with AnalogX announced a complete sub-system solution and implementation for Chip-to-Chip interface with ultra-low latency and power. Interlaken IP supports from 1 up to 48 SerDes lanes with up to 112G SerDes rates, providing a scalable interface that offers end-to-end reliability using optional re-transmission and flow control mechanisms.

Unpatched Apple T2 Chip Flaw Plagues Macs
2020-10-06 14:16

A researcher is claiming that Apple devices - with a macOS operating system and a T2 security chip - are open to an exploit that could give bad actors root access. The flaw stems from the T2 chip, which is the second-generation version of Apple's chip that provides bolstered security - including securing its Touch ID feature, as well as providing the foundation for encrypted storage and secure boot capabilities.

Video encoders using Huawei chips have backdoors and bad bugs – and Chinese giant says it's not to blame
2020-09-17 18:42

Hardware video encoders from multiple suppliers contain several critical security bugs that allow a remote unauthenticated miscreant to run arbitrary code on the equipment. Huawei insists the vulnerabilities were not introduced by its HiSilicon chips nor the SDK code it provides to manufacturers that use its components.

IBM finds vulnerability in IoT chips present in billions of devices
2020-08-19 15:56

A security flaw in a series of IoT connectivity chips could leave billions of industrial, commercial, and medical devices open to attackers. The EHS8 modules in question are built for industrial IoT machines that operate in factories, the energy sector, and medical roles, and are designed to create secure communication channels over 3G and 4G networks.

Vulnerabilities in Qualcomm Chips Expose Billions of Devices to Attacks
2020-08-10 15:04

Security researchers have identified hundreds of vulnerabilities that expose devices with Qualcomm Snapdragon chips to attacks. The proprietary DSP subsystem is licensed for programming to OEMs and a small number of application developers, and the code running on the DSP is signed, but the security researchers have identified ways to bypass Qualcomm's signature checks and run code on the DSP. Vendors can build software for the DSP using the Hexagon SDK, and serious security flaws in the development kit itself have resulted in hundreds of vulnerabilities being introduced in code from Qualcomm and partner vendors.

Qualcomm, MediaTek Wi-Fi Chips Vulnerable to Kr00k-Like Attacks
2020-08-07 12:33

The Kr00k vulnerability disclosed earlier this year had only been found to impact devices using Wi-Fi chips from Broadcom and Cypress, but researchers revealed this week that similar flaws have been discovered in chips made by Qualcomm and MediaTek. While Wi-Fi chips from Qualcomm, Ralink, Realtek and MediaTek are not vulnerable to Kr00k attacks, ESET researchers discovered that they are affected by similar flaws.

Android phones could spy on users via flaws in Qualcomm chip
2020-08-06 19:47

Vulnerabilities were found in a Qualcomm Snapdragon chip that could let attackers obtain photos, videos, call recordings, and other data on Android phones, says Check Point Research. A new report by cyber threat intelligence provider Check Point Research explains how vulnerabilities found in a chip in many Android phones could allow hackers to spy on users.