Security News

Intel announces “exploit busting” features in its next processor chips
2020-06-16 16:57

As far as we can see, the first wave of Intel processors that will include these new protections are the not-quite-out-yet CPUs known by the nickname "Tiger Lake", so if you're a programmer you can't actually start tinkering with the CET features just yet. Errors in using memory are one of the leading causes of software bugs that lead to security holes, known in the trade as vulnerabilities.

RIP ROP, COP, JOP? Intel to bring anti-exploit tech to market in this year's Tiger Lake chip family
2020-06-15 13:00

Known as Control Flow Enforcement Technology, or CET, the protections are designed to prevent miscreants from exploiting certain programming bugs to execute malicious code that infects systems with malware, steals data, spies on victims, and so on. There are various mitigations in place on modern systems, such as Data Execution Prevention, that stop hackers from injecting and executing malicious code into a program when a victim opens a specially crafted document or connects to a remote service.

Intel patches chip flaw that could leak your cryptographic secrets
2020-06-12 15:33

If, for example, your program is reading through an array of data to perform a complex calculation based on all the values in it, the processor needs to make sure that you don't read past the end of your memory buffer, because that could allow someone else's private data to leak into your computation. The theory is that if the checks fail, the chip can just discard the internal data that it now knows is tainted by insecurity, so there's a possible performance boost without a security risk given that the security checks will ultimately prevent secret data being disclosed anyway.

Samsung Unveils New Security Chip for Mobile Devices
2020-05-26 13:48

Samsung on Tuesday unveiled a new security solution - composed of a secure element chip and security software - designed to enhance data protection on mobile devices. Samsung has described it as a "Standalone turnkey security solution" that provides protection for the booting process, isolated storage, mobile payments and other applications.

Samsung’s new security chip is a standalone turnkey security solution
2020-05-26 08:25

Samsung Electronics introduced a standalone turnkey security solution comprised of a Secure Element chip and enhanced security software that offers protection for tasks such as booting, isolated storage, mobile payment and other applications. Samsung's new security solution is an enhanced turnkey that follows the first-generation solution announced in February.

US Seeks to Cut Off China's Huawei From Global Chip Suppliers
2020-05-15 14:44

US officials moved Friday to cut off Chinese tech giant Huawei from global chipmakers, ramping up sanctions on the company seen by Washington as a national security risk. Officials said Huawei had been circumventing sanctions by obtaining chips and components that are produced around the world based on US technology.

Unpatchable 'Starbleed' Bug in FPGA Chips Exposes Critical Devices to Hackers
2020-04-21 02:55

The details of the attacks against Xilinx 7-Series and Virtex-6 Field Programmable Gate Arrays have been covered in a paper titled "The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs" by a group of academics from the Horst Goertz Institute for IT Security and Max Planck Institute for Cyber Security and Privacy. In contrast to other known side-channel and probing attacks against Xilinx and Altera FPGAs, the novel "Low-cost" attack aims to recover and manipulate the bitstream by leveraging the configuration interface to read back data from the FPGA device.

Starbleed: Flaw in FPGA Chips Exposes Safety-Critical Devices to Attacks
2020-04-20 19:27

A potentially serious vulnerability discovered by researchers in Field Programmable Gate Array chips can expose many mission- and safety-critical devices to attacks. A team of researchers from Germany's Horst Görtz Institute for IT Security at Ruhr-Universität Bochum and the Max Planck Institute for Security and Privacy discovered that FPGA chips are affected by a critical vulnerability - they have named it Starbleed - that can be exploited to take complete control of the chips.

Most computers easy to hack due to vulnerability in memory chips
2020-03-13 05:00

Most computer systems are still very easy to hack, due to a vulnerability in memory chips produced by Samsung, Micron and Hynix, according to a study by researchers from VUSec of the Vrije Universiteit Amsterdam. The vulnerability in question is called Rowhammer, a design flaw in the internal memory chips of a device that creates the vulnerability.

That LVI CPU hole wasn't the only Intel fix: Dozens of flaws patched to stop chips turning into potatoes
2020-03-11 01:01

Intel has posted a fresh crop of firmware updates for security flaws in its chipsets. An information-disclosure flaw in data forwarding for Intel processors prompted an advisory and firmware update, as did the already disclosed LVI design flaw.