The ECCploit paper by Lucian Cojocar won the Distinguished Practical Paper Award at IEEE Security & Privacy 2019.
After a long embargo period of 9 months we made our paper RIDL: Rogue In-Flight Data Load available to the general public. RIDL introduces a new class of speculative execution attacks that can leak any “in-flight” data available in the CPU.
More information (including some nice demo videos) are available at https://mdsattacks.com. We have also released a tool that you can use to see how vulnerable your computer is to different speculative execution attacks.
On the 12th of March, Herbert provided his view on the NatWest pilot of authorizing payments by means of fingerprints instead of PIN on BNR (Business News Radio). Many thanks to VUSec Slack chat for the long discussion on this topic 😉
VUSec researcher Pietro Frigo won the Code Blue Young Researcher Award and because he is now rich, he promises to buy us all drinks for the remainder of his Ph.D. The corresponding paper (“Grand Pwning Unit“) shows how to use the GPU to boost microarchitectural attacks (such as cache side channels and Rowhammer). Here is a picture of the lucky winner:
Best paper award for Andrei at RAID 2018.
We have shared TLBleed with several operating system projects, in order for them to be able to implement mitigations if desired. As a result of seeing TLBleed, OpenBSD decided to disable /msg99141.html">Hyperthreading by default. This has prompted some speculation that TLBleed is a spectre-like attack, but that is not the case. OpenBSD also realizes the exact impact of TLBleed. There has been significant news coverage: TheRegister (and this one), ArsTechnica, bleepingcomputer, ZDnet, Techrepublic, TechTarget, ITwire, tweakers, and a personal favorite, the SecurityNow Podcast episode 669 (mp3, show notes, youtube).
The full paper will be online soon.
This year, TLBleed will be presented at Blackhat USA. TLBleed is a new side channel attack that exploits the TLB rather than CPU caches to infer activity from a co-resident hyperthread, the full details of which we have not yet released.
Hope to see you in Vegas!
GLitch, our JS-based Rowhammer exploit that takes advantage of GPU acceleration to trigger bit flips and get control over the Firefox browser on Android made it to the news. After respecting the 90 days disclosure policy we finally went live on May 3 releasing all the details of our attack.
The research got quite some interest from the security community on Twitter and it got covered in two detailed articles on Wired and ArsTechnica. After this, it got picked up by other news outlets such as Decipher, Tweakers, The Hacker News and others.
While the great interest for the research people did not really like the demo video. The reason is attributed to the background music.
Oh well… ¯\_(ツ)_/¯
This year, VUSec had 2 papers accepted at USENIX Security ’18: Malicious Management Unit (how to use the MMU to mount indirect cache attacks and bypass software-based defenses) and TLBleed (how to mount TLB side-channel attacks across threads and leak fine-grained information).