Tag Archive for: Silicon

Apple Silicon Vulnerability Allows Hackers to Extract Encryption Keys


An unpatchable vulnerability has been discovered in Apple’s M-series chips that allows attackers to extract secret encryption keys from Macs under certain conditions, according to a newly published academic research paper (via ArsTechnica).

Named “GoFetch,” the type of cyber attack described involves Data Memory-Dependent Prefetchers (DMPs), which try to predict what data the computer will need next and retrieve it in advance. This is meant to make processing faster, but it can unintentionally reveal information about what the computer is doing.

The paper finds that DMPs, especially the ones in Apple’s processors, pose a significant threat to the security provided by constant-time programming models, which are used to write programs so that they take the same amount of time to run, no matter what data they’re dealing with.

The constant-time programming model is meant to protect against side-channel attacks, or types of attacks where someone can gain sensitive information from a computer system without directly accessing it (by observing certain patterns, for example). The idea is that if all operations take the same amount of time, there’s less for an attacker to observe and exploit.

However, the paper finds that DMPs, particularly in Apple silicon, can leak information even if the program is designed not to reveal any patterns in how it accesses memory. The new research finds that a DMP can sometimes mistake memory content for an address and perform a memory access on it, which goes against the constant-time model.

The authors present GoFetch as a new type of attack that can exploit this vulnerability in DMPs to extract encryption keys from secure software. The attack works against some popular encryption algorithms that are thought to be resistant to side-channel attacks, including both traditional (e.g. OpenSSL Diffie-Hellman Key Exchange, Go RSA decryption) and post-quantum (e.g. CRYSTALS-Kyber and CRYSTALS-Dilithium) cryptographic methods.

In an email to ArsTechnica, the authors explained:

Prefetchers usually look at addresses of accessed data (ignoring values of accessed data) and try to guess future addresses that might be useful. The DMP is…


Silicon Heist: Notorious LockBit 3.0 Ransomware Gang Targets World’s Biggest Chip Maker TSMC in a Daring $70M Ransom


The LockBit 3.0 ransomware group is shaking the tech world, aiming a $70M ransom gun at TSMC, the world’s largest dedicated chip foundry. Non-payment threats include publishing network entry points, passwords, and logins – a potential Armageddon for the semiconductor behemoth and its mega-clients, including Apple, Qualcomm, and Nvidia.

Updated Jun 30, 2023 | 11:32 AM IST

The Silicon Underworld Rises: A Sinister 70M Ransom

KEY HIGHLIGHTS

  • LockBit 3.0 targets TSMC, world’s largest chip foundry, demanding a staggering $70M digital ransom.
  • A TSMC data breach could send shockwaves across the tech industry, impacting major clients including Apple, Qualcomm, and Nvidia.
  • LockBit 3.0 threatens to expose network access points, passwords, and logins if the ransom is not paid.

In an audacious cyber stunt, the LockBit 3.0 ransomware group has set its sights on the colossal titan of the semiconductor industry, the Taiwan Semiconductor Manufacturing Company Limited (TSMC). Notoriously shaking up the digital underworld, the group has demanded an eye-watering $70 million to avoid leaking sensitive data and network details. The startling news has sent tremors through the global tech industry, given the immense repercussions this could have for TSMC’s high-profile clientele, including tech behemoths like Apple, Qualcomm, and Nvidia.

LockBit 3.0 DarkWeb Leaksite

LockBit 3.0: The DarkWeb’s Demanding Deities

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) define LockBit 3.0 operations as a Ransomware-as-a-Service (RaaS) model. This model follows a trajectory from previous versions of the ransomware, LockBit 2.0, and LockBit. The rapid adaptation and diversified tactics of LockBit affiliates pose a significant challenge for network defense and mitigation.

The Dreadful Digital Drill

The cyber villains gain initial access via a range of invasive tactics, including remote desktop protocol (RDP) exploitation, drive-by compromise, phishing campaigns, and the abuse of valid accounts. Once they’ve breached the perimeter, they…


Seeing Machines and OMNIVISION Launch Silicon Platform with Interior Sensing Technology Optimized with Occula® Neural Processing Unit


Announced at CES 2023, automakers now have a powerful and cost-effective in-cabin monitoring solution for space-constrained areas that also meets the strict European regulations

LAS VEGAS, Jan. 4, 2023 /PRNewswire/ — Seeing Machines Limited (LSE: SEE), the advanced computer vision technology company that designs AI-powered operator monitoring systems to improve transport safety, and OMNIVISION, a leading global developer of semiconductor solutions, including advanced digital imaging, analog, and touch & display technology, today announced the successful integration of Seeing Machines’ leading in-cabin monitoring system technology (ICMS) with the OMNIVISION OAX4600 system-on-chip (SoC) platform.

Optimized by Seeing Machines’ Occula® neural processing unit (NPU), the OMNIVISION OAX4600 will provide automakers with a new, powerful, and cost-effective solution to meet and exceed the regulatory requirements associated with the European Commission’s General Safety Regulation as well as Europe’s New Car Assessment Program (Euro NCAP) protocols.

Working closely together, OMNIVISION and Seeing Machines have integrated Seeing Machines’ embedded driver monitoring engine (e-DME) into the OAX4600 SoC silicon, which is specifically targeted toward the expanding automotive ICMS market. The Seeing Machines e-DME makes use of the Occula NPU integrated in the OAX4600 to reduce the load on the on-board Arm processors while accelerating the core tracking pipeline.

When paired with OMNIVISION’s broad range of high-resolution, wide-field-of-view automotive RGB-IR sensors or near-infrared (NIR) sensors, the OAX4600 device, integrated with Seeing Machines’ robust automotive ICMS solution, enables a powerful combination of performance, cost and power efficiency in a form factor that allows it to be packaged into space-constrained areas of the vehicle.

“We are very happy to be working with OMNIVISION to bring our Occula NPU to the market integrated with the OAX4600 SoC,” said Paul McGlone, CEO, Seeing Machines. “Seeing Machines’ software and hardware embedding capabilities, combined with OMNIVISION’s automotive camera sensor and design expertise, are clearly demonstrated with this silicon. We are…


Utah’s Crime-Busting Subscription-based Mobile Security System Is Going Global