Foreshadow is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third party clouds. Foreshadow has two versions, the original attack designed to extract data from SGX enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory.
In the press:
The Fixed Coordinate Invalid Curve Attack is a new attack, which could be applied to all current Bluetooth pairing protocols.The pairing protocol is the process of connection establishment in Bluetooth. This process supplies the ground for all of the security and privacy features provided by Bluetooth. Failing to secure this process compromises the entire Bluetooth session.
Our new attack provides a new technique for attacking the Bluetooth pairing protocol by manipulating specific messages, without being detected by the victim devices. Our attack relies on a newly discovered protocol design flaws.
Using our attack, one can exploit this vulnerability in order to reveal the encryption key of the victim devices and use it in order to decrypt and forge data without user awareness.
- The Academic paper is here.
- The technion’s press release is here (and here in Hebrew)
- you can read more about it here
Cortana = Microsoft voice-activated virtual personal assistant. Microsoft was notified and is currently working on a solution. The results will be presented in Black Hat USA conference in August.
The Silence paper received the best student paper award at the prestigious PODC 2018 conference. by Guy Goren and Prof. Yoram Moses
plausible deniability. Existing plausible deniability systems do not fulfill all of the following requirements: (1) resistance to multiple snapshot attacks where an attacker compares the state of the device over time; (2) ensuring that hidden data won’t be destroyed when the public volume is modified by a user unaware of the hidden data; and (3) disguising writes to secretdata as normal system operations on public data. We explain why existing solutions do not meet all these requirements and present the Ever-Changing Disk (ECD), a generic scheme for plausible deniability storage systems that meets all of these requirements. An ECD stores hidden data inside a large volume of pseudorandom data. Portions of this volume are periodically migrated in a log-structured manner. Hidden writes can then be interchanged with normal firmware operations. The expected access patterns and time until hidden data is overwritten are completely predictable, and insensitive to whether data is hidden. Users control the rate of internal data migration (R), trading write bandwidth to hidden data for longevity of the hidden data. For a typical 2TB disk and setting of R, a user preserves hidden data by entering her secret key every few days or weeks. See Paper here
ASPLOS ’18: ACM International Conference on Architectural Support for Languages and Operating Systems
March, 2018, Williamsburg, VA, to appear
BibTeX Read More