Tag

Hardware Security

All articles tagged with #hardware security

technology2 years ago•6 min saved

Windows Hello Fingerprint Authentication Vulnerability Exposes Laptop Security Risks

Researchers have discovered vulnerabilities in Windows Hello's fingerprint authentication system that allow attackers to bypass the security feature on certain laptops. The vulnerabilities were found in the fingerprint sensors of Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro 8/X devices. The attacks involve manipulating the communication between the sensor chip and the operating system, allowing attackers to log in as a different user. The researchers recommend device makers to address these design flaws and for users to check for updates or firmware fixes.

via The Register|

#fingerprint-authentication #hardware-security #laptop-security

technology2 years ago•3 min saved

"Parisian Engineers Assist Apple in Strengthening iPhone Security"

Apple's Paris-based engineers are working diligently to break and strengthen iPhone security measures, aiming to protect vulnerable users from threats like Pegasus. The company's efforts extend beyond software, with hardware testing involving lasers and finely tuned sensors to eliminate potential security weaknesses. Apple believes its work is succeeding, but the increasing deployment of technology has led to a digital arms race, with hackers constantly developing new attack methods. Ivan Krstic, Apple's chief of security engineering and architecture, emphasizes the importance of defending users, particularly journalists and activists, against state-grade spyware. Krstic also opposes sideloading, arguing that it limits users' choice and compromises software distribution mechanisms they can trust.

via AppleInsider|

#apple #data-breaches #hardware-security

hardware-security2 years ago•1 min saved

"Reptar CPU Vulnerability: Intel Patches High-Severity Flaw Impacting Multi-Tenant Virtualized Environments"

Intel has released fixes for a high-severity CPU vulnerability called Reptar, affecting desktop, mobile, and server CPUs. The flaw, tracked as CVE-2023-23583, could allow privilege escalation, information disclosure, and denial of service via local access. Exploiting the vulnerability in a multi-tenant virtualized environment could crash the host machine, causing a denial of service to other guest machines. Intel has published updated microcode for all affected processors, and there is no evidence of active attacks using this vulnerability.

via The Hacker News|

#cpu-vulnerability #denial-of-service #hardware-security

technology2 years ago•4 min saved

Google Cloud and Accounts Vulnerable to Multiple Security Bugs

Google Cloud and Intel collaborated on a nine-month audit of Intel's new hardware security product, Trust Domain Extensions (TDX), which revealed 10 confirmed vulnerabilities, including two significant ones. The review and fixes were completed before the production of Intel's fourth-generation Intel Xeon processors, which incorporate TDX. The project is part of Google Cloud's Confidential Computing initiative, and the goal is to help chipmakers find and fix vulnerabilities before they create potential exposure for Google Cloud customers or anyone else. Additionally, Google worked with Intel to open source the TDX firmware, low-level code that coordinates between hardware and software.

via WIRED|

#confidential-computing #google-cloud #hardware-security