Security News

It leverages "Speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity," MIT researchers Joseph Ravichandran, Weon Taek Na, Jay Lang, and Mengjia Yan said in a new paper. The vulnerability is rooted in pointer authentication codes, a line of defense introduced in arm64e architecture that aims to detect and secure against unexpected changes to pointers - objects that store a memory address - in memory.

The Dark Web allows cybercriminals to create a Cyber Attacks-as-a-Service ecosystem that outmaneuvers security defenses. Cybersecurity researchers Keman Huang, Michael Siegel, Keri Pearlson and Stuart Madnick in their paper Casting the Dark Web in a New Light, published in the MIT Sloan Management Review, asked whether attackers-who more often than not are one or two steps ahead of cyberdefenders-are more technically adept, or is it something else? The paper was written in 2019, but the material is as relevant now as it was then, and maybe even more so.

Scientists from MIT's Computer Science and Artificial Intelligence Lab have stepped up trying to change that with a newly built platform called SCRAM. The acronym, which stands for "Secure Cyber Risk Aggregation and Measurement," seeks to address this longstanding cybersecurity reporting issue by taking advantage of new cryptographic tools that can calculate aggregate statistics without needing organizations to disclose information about their own attacks and losses to anyone else-even to the scientists themselves. MIT released a study on the platform, in which it took internal data from seven billion-dollar companies and examined the security incidents they dealt with.

Previously, manual contact tracing was used during pandemics. The process of getting a list of everyone a patient has been in touch with, then contacting them, has a formal name called contact tracing.

"The makers of the blockchain voting platform Voatz have had to go on the offensive to address assertions from MIT researchers that their app is insecure and can be easily hacked into. MIT researchers released a lengthy paper on Thursday that said hackers could change votes through the app, which has already been used in Oregon, West Virginia, Washington, and Utah since 2018."Their security analysis of the application, called Voatz, pinpoints a number of weaknesses, including the opportunity for hackers to alter, stop, or expose how an individual user has voted," MIT said in a news release. Michael Specter, a graduate student in MIT's Department of Electrical Engineering and Computer Science and a member of MIT's Internet Policy Research Initiative, and James Koppel, also a graduate student in EECS, described what went wrong with Voatz and how they discovered the vulnerabilities in their paper, "The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S Federal Elections."

Security researchers at the Massachusetts Institute of Technology have published a technical paper that describes several security flaws in Voatz, a smartphone app used for limited online voting during the 2018 U.S. midterm elections. In their paper, the MIT researchers note that they were unable to obtain complete information about how Voatz engineers developed the company's voting application, nor were they able to access the full backend of the company's infrastructure to investigate how the app checks and verifies identity.

Vulnerabilities in the Voatz Internet voting app could allow adversaries to alter, stop, or expose a user's vote, security researchers from the Massachusetts Institute of Technology have discovered. Developed by the private Boston-based Voatz, the application is the first Internet voting app to have been used in high-stakes U.S. federal elections and is "On track to be used in the 2020 Primaries," the researchers point out.

Only a week after the mobile app meltdown in Iowa's Democratic Caucus, computer scientists at MIT have revealed their analysis of the Voatz app used in West Virginia's 2018 midterm election. They claim the Android app is vulnerable to attacks that could undermine election integrity in the US state.

The goal is to predict incidents in advance by tracing it back to the actual hijackers.

Fernando José Corbató, Turing Award winner, computer scientist extraordinaire, MIT computer lab pioneer, RIP.