exploitlogos · 18 days
Eucleak
Our work unearths a side-channel vulnerability in the cryptographic library of Infineon Technologies, one of the biggest secure element manufacturers. This vulnerability – that went unnoticed for 14 years and about 80 highest-level Common Criteria certification evaluations – is due to a non-constant-time modular inversion.

exploitlogos · 3 months
Regresshion
The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration.

exploitlogos · 3 months
Rabbitude security-disclosure 1
On May 16, 2024, the rabbitude team gained access to the rabbit codebase and found several critical hardcoded API keys in its code.

exploitlogos · 6 months
Kobold letters
Kobold letters is a technique to include elements in an HTML email that appear or disappear depending on the context in which the email is viewed.

exploitlogos · 6 months
GoFetch
GoFetch is a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).

exploitlogos · 9 months
SGAxe
SGAxe is an evolution of CacheOut, specifically targeting SGX enclaves. We show that despite extensive efforts done by Intel in order to mitigate SGX side channels, an attacker can still breach the confidentiality of SGX enclaves even when all side channel countermeasures are enabled.

exploitlogos · 9 months
Terrapin Attack
Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel.
By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.

exploitlogos · 9 months
5Ghoul
A family of implementation-level 5G vulnerabilities. This family of vulnerabilities is present in the firmware implementation of 5G mobile network modems from major chipset vendors, i.e., Qualcomm and MediaTek.

exploitlogos · 11 months
Inject My PDF
Inject My PDF allows you to inject invisible text into your PDF that will make any AI language model think you are the perfect candidate for the job.

exploitlogos · 11 months
iLeakage
A transient execution side channel targeting the Safari web browser present on Macs, iPads and iPhones.

exploitlogos · 1 year
GPU.zip
GPU.zip is a new type of side channel that exposes visual data processed on the graphics processing unit (GPU). This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression.

exploitlogos · 1 year
TunnelCrack
TunnelCrack is a combination of two widespread security vulnerabilities in VPNs. An adversary can abuse these vulnerabilities to leak traffic outside the VPN tunnel.

exploitlogos · 1 year
Downfall
Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers. This vulnerability enables a user to access and steal data from other users who share the same computer.

exploitlogos · 2 years
acropalypse
acropalypse allows previously redacted details to be reclaimed, if the screenshots were taken and changes were made, using the markup editing tool found on Google Pixel devices.

exploitlogos · 2 years
Hertzbleed is a new family of side-channel attacks: frequency side channels. In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure.

exploitlogos · 3 years
ALPACA Attack
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates.

exploitlogos · 3 years
FragAttacks
A collection of new security vulnerabilities that affect Wi-Fi devices. An adversary that is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices.