Security News

Samsung Electronics introduced a standalone turnkey security solution comprised of a Secure Element chip and enhanced security software that offers protection for tasks such as booting, isolated storage, mobile payment and other applications. Samsung's new security solution is an enhanced turnkey that follows the first-generation solution announced in February.

US officials moved Friday to cut off Chinese tech giant Huawei from global chipmakers, ramping up sanctions on the company seen by Washington as a national security risk. Officials said Huawei had been circumventing sanctions by obtaining chips and components that are produced around the world based on US technology.

The details of the attacks against Xilinx 7-Series and Virtex-6 Field Programmable Gate Arrays have been covered in a paper titled "The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs" by a group of academics from the Horst Goertz Institute for IT Security and Max Planck Institute for Cyber Security and Privacy. In contrast to other known side-channel and probing attacks against Xilinx and Altera FPGAs, the novel "Low-cost" attack aims to recover and manipulate the bitstream by leveraging the configuration interface to read back data from the FPGA device.

A potentially serious vulnerability discovered by researchers in Field Programmable Gate Array chips can expose many mission- and safety-critical devices to attacks. A team of researchers from Germany's Horst Görtz Institute for IT Security at Ruhr-Universität Bochum and the Max Planck Institute for Security and Privacy discovered that FPGA chips are affected by a critical vulnerability - they have named it Starbleed - that can be exploited to take complete control of the chips.

Most computer systems are still very easy to hack, due to a vulnerability in memory chips produced by Samsung, Micron and Hynix, according to a study by researchers from VUSec of the Vrije Universiteit Amsterdam. The vulnerability in question is called Rowhammer, a design flaw in the internal memory chips of a device that creates the vulnerability.

Intel has posted a fresh crop of firmware updates for security flaws in its chipsets. An information-disclosure flaw in data forwarding for Intel processors prompted an advisory and firmware update, as did the already disclosed LVI design flaw.

Chipzilla's processors, already weighed down by defenses deployed against side-channel attacks over the past two years, could get slower still if they try to thwart this latest vulnerability: prototype compiler changes, for full mitigation, have produced performance reductions ranging from 2x to 19x. That's because LVI protection involves compiler and assembler updates that insert extra x86 instructions and replace problematic instructions with functionally equivalent but more verbose instruction sequences. "Being essentially a 'reverse Meltdown'-type attack, LVI abuses that a faulting or assisted load instruction executed within a victim domain does not always yield the expected result, but may instead transiently forward dummy values or data from various microarchitectural buffers."

Chipzilla's processors, already weighed down by defenses deployed against side-channel attacks over the past two years, could get slower still if they try to thwart this latest vulnerability: prototype compiler changes, for full mitigation, have produced performance reductions ranging from 2x to 19x. That's because LVI protection involves compiler and assembler updates that insert extra x86 instructions and replace problematic instructions with functionally equivalent but more verbose instruction sequences. "Being essentially a 'reverse Meltdown'-type attack, LVI abuses that a faulting or assisted load instruction executed within a victim domain does not always yield the expected result, but may instead transiently forward dummy values or data from various microarchitectural buffers."

Remember rowhammer vulnerability? A critical issue affecting modern DRAM chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips. To mitigate Rowhammer vulnerability on the latest DDR4 DRAM, many memory chip manufacturers added some defenses under the umbrella term Target Row Refresh that refreshes adjacent rows when a victim row is accessed more than a threshold.

Remember rowhammer vulnerability? A critical issue affecting modern DRAM chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips. To mitigate Rowhammer vulnerability on the latest DDR4 DRAM, many memory chip manufacturers added some defenses under the umbrella term Target Row Refresh that refreshes adjacent rows when a victim row is accessed more than a threshold.