Yet another side channel attack, this time on Apple Silicon Aarch64: https://predictors.fail/files/SLAP.pdf

Can the informaiton leaked by #sidechannel #subconscious - #timespace ever be anonymized scientifically?

They wake you from your dreams (subconscious) to target your daytime (gravity).

Their capabilities aren't really for terrorism, they're for terrorizing.

https://spaceplace.nasa.gov/gravitational-waves/en/

https://www.ligo.caltech.edu/page/what-are-gw

https://en.wikipedia.org/wiki/Laser_Interferometer_Space_Antenna

https://securityaffairs.com/168667/security/tor-project-commented-on-deanonymizing-technique.html

Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.

But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.

There are two phases to the attack:

(1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.

(2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.

https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf

This is unfortunate because I received a pair of these recently that I've been meaning to take out of the package. I guess they won't be issuing recalls?

https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!

You can read the full paper here: https://stefangast.eu/papers/slubstick.pdf

Announcing SnailLoad, the first fully remote website- and video-fingerprinting attack working via arbitrary TCP connections.
SnailLoad does not require any attacker code on the victim machine, any TCP connection is enough.

Great collaboration with Roland Czerny, Jonas Juffinger, Fabian Rauscher, @silent_bits and @lavados.

See the website for the full paper and a live demo: https://www.snailload.com
(1/3)

I had the pleasure to contribute to the #USENIX2024 paper "Divide and Surrender", recovering the full secret key from the reference implementation of the HQC Key Encapsulation Mechanism, exploiting a timing side channel arising from non-constant-time modulo operations.
Thanks to Robin Leander Schröder and Qian Guo for this opportunity and congratulations to Robin Leander Schröder for getting his first paper accepted at USENIX Security!

You can read the full paper here: https://stefangast.eu/papers/divide_and_surrender.pdf

Mordechai Guri's SATAn Side Channel Attach Turns Harddrive SATA Cables Into A Transmitting Antenna

#Infosec #Cybersecurity #privacy #Israel #Tech #Radio #Sidechannel #SATA #antenna #Security #Data
https://hackaday.com/2022/07/22/satan-turns-hard-drive-cable-into-antenna-to-defeat-air-gapped-security/