
Side Channel Attack

All articles tagged with #side channel attack

technology | 2 months ago

Microsoft Reveals 'Whisper Leak' Threat to Encrypted AI Chat Privacy

Microsoft has revealed a new side-channel attack called Whisper Leak that can infer the topics of encrypted AI chat traffic by analyzing packet size and timing, posing privacy risks. The attack can identify sensitive conversation topics despite encryption, and mitigation strategies like adding random text to responses are recommended. This highlights vulnerabilities in current language models and the need for enhanced security measures.

technology | 1 year ago

"Apple Silicon Vulnerability Exposes Crypto Keys to 'GoFetch' Attack"

A new side-channel attack called "GoFetch" targets Apple M1, M2, and M3 processors, allowing attackers to steal secret cryptographic keys from the CPU's cache. The attack exploits a hardware vulnerability in the data memory-dependent prefetchers (DMPs) found in these CPUs, making it difficult to fix with a hardware solution. While software fixes could mitigate the issue, they would impact the CPUs' cryptographic functions. Apple owners are advised to practice safe computing habits and await potential security updates from Apple.

cybersecurity | 1 year ago

"Security Risks in ChatGPT Plugins Expose Data and Accounts"

Third-party plugins for OpenAI ChatGPT could be exploited by threat actors to hijack accounts on third-party websites, such as GitHub, and access sensitive data. Security flaws in ChatGPT and its ecosystem, including OAuth manipulation and zero-click account takeover vulnerabilities, have been uncovered by Salt Labs. Additionally, a new side-channel attack has been identified that allows attackers to recover the content of encrypted responses from AI assistants by inferring token lengths from network traffic. Countermeasures such as random padding and transmitting tokens in larger groups are recommended to reduce the effectiveness of the side-channel attack.

vulnerability-endpoint-security | 2 years ago

"New GPU Side-Channel Attack Exposes Major Suppliers' Vulnerabilities"

Researchers have discovered a new side-channel attack called GPU.zip that exploits graphical data compression in modern GPUs, rendering them vulnerable to information leakage. The attack can be used to steal pixels from a cross-origin iframe in web browsers, bypassing critical security boundaries such as same-origin policy. Chrome and Microsoft Edge are particularly susceptible, while Firefox and Safari are not impacted. The attack can be mitigated by denying cross-origin embedding and implementing X-Frame-Options and Content Security Policy rules.

cybersecurity | 2 years ago

Hackers Steal Encrypted Keys by Recording Power LEDs from 60 Feet Away

Researchers from Cornell University and Ben-Gurion University of the Negev have developed a method of stealing encrypted keys by analysing the brightness and colour of a device's power light. The team showed the effectiveness of the method by hijacking an internet-connected security camera and capturing footage of the power LED of a smart card reader 16 metres away. After processing and analysing the footage, the team was able to recover the 256-bit key. The method is a form of side-channel attack, which exploits information that a system inadvertently leaks to hackers through a fundamental or physical characteristic.