Security News

Arm acknowledges side-channel attack but denies Cortex-M is crocked
2023-05-15 05:36

Black Hat Asia Arm issued a statement last Friday declaring that a successful side attack on its TrustZone-enabled Cortex-M based systems was "Not a failure of the protection offered by the architecture." "The Security Extensions for the Armv8-M architecture do not claim to protect against side-channel attacks due to control flow or memory access patterns. Indeed, such attacks are not specific to the Armv8-M architecture; they may apply to any code with secret-dependent control flow or memory access patterns," argued Arm.

Intel CPUs vulnerable to new transient execution side-channel attack
2023-04-24 19:38

A new side-channel attack impacting multiple generations of Intel CPUs has been discovered, allowing data to be leaked through the EFLAGS register. Instead of relying on the cache system like many other side-channel attacks, this new attack leverages a flaw in transient execution that makes it possible to extract secret data from user memory space through timing analysis.

Side-Channel Attack against CRYSTALS-Kyber
2023-02-28 12:19

CRYSTALS-Kyber is one of the public-key algorithms currently recommended by NIST as part of its post-quantum cryptography standardization process. Researchers have just published a side-channel attack-using power consumption-against an implementation of the algorithm that was supposed to be resistant against that sort of attack.

New Cache Side Channel Attack Can De-Anonymize Targeted Online Users
2022-07-15 15:22

The cache-based targeted de-anonymization attack is a cross-site leak that involves the adversary leveraging a service such as Google Drive, Dropbox, or YouTube to privately share a resource with the target, followed by embedding the shared resource into the attack website. The attack, in a nutshell, aims to unmask the users of a website under the attacker's control by connecting the list of accounts tied to those individuals with their social media accounts or email addresses through a piece of shared content.

Hertzbleed: A New Side-Channel Attack
2022-06-20 11:23

Hertzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it's not generally viable because measuring power consumption is often hard.

Hartzbleed: A New Side-Channel Attack
2022-06-20 11:23

Hartzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it's not generally viable because measuring power consumption is often hard.

New Hertzbleed Side Channel Attack Affects All Modern AMD and Intel CPUs
2022-06-15 20:12

A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack. This can have significant security implications on cryptographic libraries even when implemented correctly as constant-time code to prevent timing-based side channels, effectively enabling an attacker to leverage the execution time variations to extract sensitive information such as cryptographic keys.

New Hertzbleed side-channel attack affects Intel, AMD CPUs
2022-06-14 19:55

A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling. "In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. [.] Hertzbleed is a real, and practical, threat to the security of cryptographic software," the security researchers explain.

New Hertzbleed side-channel attack affects Intel, AMD systems
2022-06-14 19:55

A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling. "In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. [.] Hertzbleed is a real, and practical, threat to the security of cryptographic software," the security researchers explain.

Nvidia DGX systems prone to side channel, covert attacks
2022-03-31 13:43

Nvidia's ultra-dense GPU-driven AI training and inference systems are prone to covert and side channel attacks, according to research just published from a team led by Pacific Northwest National Laboratory. Let's start with the good news: the problems are most pressing for pre-Ampere GPU generation DGX machines and luckily, the major cloud operators have made the DGX switch to Nvidia Ampere-generation DGX machines.