After a long embargo period of 9 months we made our paper RIDL: Rogue In-Flight Data Load available to the general public. RIDL introduces a new class of speculative execution attacks that can leak any “in-flight” data available in the CPU.
More information (including some nice demo videos) are available at https://mdsattacks.com. We have also released a tool that you can use to see how vulnerable your computer is to different speculative execution attacks.
On the 12th of March, Herbert provided his view on the NatWest pilot of authorizing payments by means of fingerprints instead of PIN on BNR (Business News Radio). Many thanks to VUSec Slack chat for the long discussion on this topic 😉
We have shared TLBleed with several operating system projects, in order for them to be able to implement mitigations if desired. As a result of seeing TLBleed, OpenBSD decided to disable /msg99141.html">Hyperthreading by default. This has prompted some speculation that TLBleed is a spectre-like attack, but that is not the case. OpenBSD also realizes the exact impact of TLBleed. There has been significant news coverage: TheRegister (and this one), ArsTechnica, bleepingcomputer, ZDnet, Techrepublic, TechTarget, ITwire, tweakers, and a personal favorite, the SecurityNow Podcast episode 669 (mp3, show notes, youtube).
The full paper will be online soon.
GLitch, our JS-based Rowhammer exploit that takes advantage of GPU acceleration to trigger bit flips and get control over the Firefox browser on Android made it to the news. After respecting the 90 days disclosure policy we finally went live on May 3 releasing all the details of our attack.
The research got quite some interest from the security community on Twitter and it got covered in two detailed articles on Wired and ArsTechnica. After this, it got picked up by other news outlets such as Decipher, Tweakers, The Hacker News and others.
While the great interest for the research people did not really like the demo video. The reason is attributed to the background music.
Oh well… ¯\_(ツ)_/¯
Network infrastructure attacks are a growing threat, and are addressed by a budding VUSec research project.
KPN recently published the fifth European Cyber Security Perspectives – edition 2018. It features an article detailing an early version of an active research project of VUsec, called Packet Origin Fidelity (POF), a detection method of network infrastructure attacks.
There has been significant media coverage over the CPU flaws known as meltdown and spectre. In the wake of one of our researchers, using only public information and speculation, reproducing the bug before the embargo got lifted, the vusec group has been asked to comment in several pieces, including tweakers.net, wired.com, volkskrant.nl, nos.nl, HBO Vice news tonight (video), news.com.au.
Prof. Herbert Bos, Prof. Michel van Eeten, and Prof. Bart Jacobs on the 24th released a joint Dutch statement and proposal on the inadequacy of academic cybersecurity funding in The Netherlands. Funding that is up to 50x higher in neighboring countries is causing a drain of talented researchers away from The Netherlands.
The proposal calls for the development of a three-pronged strategy to maintain the high academic standard of Dutch research organizations, funded by in total a budget of €100 million over 10 years, in a combination of public and private investment.
This proposal was covered in Computable last week and Prof. Bos was a guest on BNR News Radio at 06:00 AM this morning for discussion.
Herbert was interviewed on BNR Radio (Dutch). The interview is mostly about Rowhammer vulnerabilities.
On March 2nd, Herbert and his dog were interviewed for De Kennis van Nu on Dutch national TV. Â (Dog enters 13m43s into the show.)
Today we announce ASLR^Cache, a MMU sidechannel exploiting a micro-architectural property of all modern CPU models. This signal is even visible from Javascript and breaks ASLR in sandboxed environments. The name ASLR^Cache (or simply AnC) is a reference to the fact that ASLR and CPU caches are mutually exclusive on modern architectures. For more information, please see our AnC project page.
Press outlets and other organisations have picked up on this work: wired, arstechnica, ACM Tech News, NCSC, bleepingcomputer.com, Tom’s Hardware, security.nl, theregister, tweakers.net, digitaljournal.com, CSO Australia, hackaday, slashdot, securityweek.com, heise.de, theinquirer.net, itnews.com.au, eejournal.com, habrahabr.ru, impress.co.jp, paper.li, boingboing.net.
Also some of our favourite podcasts picked it up:Â securitynow episode 600, Â ISC Internet Storm Center podcast, risky.biz episode #444.