Unpatchable vulnerability in Apple chip leaks secret encryption keys

A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday.

The flaw—a side channel allowing end-to-end key extraction when Apple chips run implementations of widely used cryptographic protocols—can’t be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software, defenses that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and a malicious application running with normal user privileges execute on the same CPU cluster.

Beware of hardware optimizations

The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel’s 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years.

Security experts have long known that classical prefetchers open a side channel that malicious processes can probe to obtain secret key material from cryptographic operations. The leak arises because prefetchers make predictions based on previous access patterns, which creates changes in microarchitectural state that attackers can measure. In response, cryptographic engineers devised constant-time programming, an approach that ensures operations take the same amount of time to complete regardless of their operands. It does this by keeping code free of secret-dependent memory accesses and secret-dependent control flow.

The breakthrough of the new research is that it exposes a previously overlooked behavior of DMPs in Apple silicon: sometimes they confuse memory content, such as key material, with a pointer value used to load other data. As a result, the DMP reads the data and treats it as an address from which to prefetch. This “dereferencing” of “pointers”, meaning that data is read and leaked through a side channel even though the program itself never used it as an address, is a flagrant violation of the constant-time paradigm.
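To make the constant-time paradigm concrete, the following is an added example in C written for this page; it is not code from the GoFetch paper, from Apple, or from any cryptographic library. It pairs a leaky byte comparison and a leaky table lookup with constant-time versions of each. The function names, the sample key and the sample table are assumptions constructed for the demo. The constant-time versions close the classical prefetcher and cache channel described above; they do not by themselves defend against the DMP behavior the paper identifies, because that channel keys on the values loaded rather than on the addresses accessed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the GoFetch paper or any vendor library.
 * Shows secret-dependent code beside its constant-time replacement. */

/* Leaky: returns at the first mismatching byte, so timing reveals how
 * many leading bytes of the guess were correct. */
int leaky_memeq(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i])       /* branch on secret data */
            return 0;
    return 1;
}

/* Constant-time: touches every byte and folds the result without a
 * secret-dependent branch. Returns 1 if equal, 0 otherwise. */
int ct_memeq(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    /* (diff - 1) wraps to all-ones only when diff == 0 */
    return (int)((((uint16_t)diff - 1u) >> 8) & 1u);
}

/* Leaky: the address read depends on secret_idx, which a cache or
 * classical prefetcher side channel can observe. */
uint32_t leaky_lookup(const uint32_t *table, size_t n, size_t secret_idx)
{
    (void)n;
    return table[secret_idx];
}

/* Constant-time: reads every entry and keeps the wanted one with a mask,
 * so the address stream is identical for every secret_idx. Note that the
 * values read here (and 'result') are still exposed to a DMP that treats
 * data as pointers; that is the gap the GoFetch paper describes. */
uint32_t ct_lookup(const uint32_t *table, size_t n, size_t secret_idx)
{
    uint32_t result = 0;
    for (size_t i = 0; i < n; i++) {
        /* eq is 1 when i == secret_idx, else 0, computed without a branch */
        uint64_t x = (uint64_t)(i ^ secret_idx);
        uint32_t eq = (uint32_t)((x - 1u) >> 63);
        uint32_t mask = 0u - eq;          /* 0x00000000 or 0xFFFFFFFF */
        result |= table[i] & mask;
    }
    return result;
}

/* Self-check on constructed data (the key, guess and table are made up
 * for the demo). Returns 1 when the constant-time versions agree with
 * the straightforward ones on every input. */
int ct_demo_self_check(void)
{
    static const uint8_t key[8]   = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6};
    static const uint8_t guess[8] = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa7};
    static const uint32_t sbox[8] = {0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5};
    int ok = 1;
    ok &= ct_memeq(key, key, 8) == 1;
    ok &= ct_memeq(key, guess, 8) == 0;
    ok &= leaky_memeq(key, guess, 8) == ct_memeq(key, guess, 8);
    for (size_t i = 0; i < 8; i++)
        ok &= ct_lookup(sbox, 8, i) == leaky_lookup(sbox, 8, i);
    return ok;
}

int main(void)
{
    int ok = ct_demo_self_check();
    printf("constant-time demo %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The masking trick in ct_lookup is the standard way to remove a secret index from the address stream: every table entry is read on every call, and only the arithmetic (not the memory traffic) depends on the secret. Compilers can undo such patterns under optimization, so real libraries check the generated assembly rather than trusting the source.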

Keep reading

Beijing’s military hacked U.S. nuclear firm before Hunter Biden aided Chinese bid to acquire it

U.S. officials were acutely aware that Beijing was trying to obtain America’s premiere nuclear reactor technology, including through illicit hacking, months before Hunter Biden and his business partners sought to arrange a quiet sale of an iconic U.S. reactor company to a Chinese firm, according to court records and national security experts.

Hunter Biden’s unsuccessful efforts to help CEFC China Energy acquire Westinghouse, one of America’s most famous electricity and appliance brands, and its state-of-the-art AP1000 nuclear reactor began in early 2016 while Joe Biden was still a sitting vice president, memos published Wednesday by Just the News show.

Just 20 months earlier, his father’s Justice Department charged five members of a Chinese military hacking unit for breaching the company’s computer systems in search of intellectual property and internal strategy communications, according to a copy of the indictment.

In May 2014, the five operatives of the People’s Liberation Army’s Unit 61398 were charged with hacking into the systems of six U.S.-based companies across different industrial sectors, including Westinghouse Electric Co., SolarWorld, United States Steel Corp., and a union. The attorney general at the time, Eric Holder, called the breach a classic case of “economic espionage.”

One operative gained access to Westinghouse’s computers in 2010 and “stole proprietary and confidential technical and design specifications related to pipes, pipe supports, and pipe routing” pertaining to the company’s advanced AP1000 nuclear reactor design, according to an indictment filed by the Department of Justice.

“Among other things, such specifications would enable a competitor to build a plant similar to the AP1000 without incurring significant research and development costs associated with designing similar pipes, pipe supports, and pipe routing systems,” the indictment reads.

Attached document: Criminal No. 14-118, USA vs. Wang Dong et al. (PDF)

National security experts said Thursday they were floored that the son of a sitting vice president would be involved in trying to help a Chinese firm get a leg up on the United States in the race for nuclear energy and that Hunter Biden’s involvement with CEFC almost certainly would have been detected by U.S. intelligence and prompted concern. 

Documents previously released by Congress in the Biden impeachment inquiry show the Biden family appeared to be acutely aware that CEFC was tied directly to the communist government in China.

While there is no evidence at the moment that Hunter Biden was aware of or involved in the hacking efforts by the Chinese, Hunter Biden wrote in one text message in 2017 that he believed one of the CEFC officials he worked with, Patrick Ho, was the “f—ing spy chief” of China (Ho was later indicted in the U.S. and charged with corruption), while Joe Biden’s brother James told the FBI he believed CEFC Chairman Ye Jianming had a relationship with China’s communist president.

“It’s beyond outrageous that Hunter Biden would be involved in any such deal with Communist China while his father is the sitting vice president,” former Trump-era Deputy National Security Advisor Victoria Coates told the “Just the News, No Noise” television show. “I mean just the glaring conflicts of interest are hard to wrap your brain around. But particularly with Westinghouse.”

Keep reading

Hackers can read private AI assistant chats even though they’re encrypted

AI assistants have been widely available for a little more than a year, and they already have access to our most private thoughts and business secrets. People ask them about becoming pregnant or terminating or preventing pregnancy, consult them when considering a divorce, seek information about drug addiction, or ask for edits in emails containing proprietary trade secrets. The providers of these AI-powered chat services are keenly aware of the sensitivity of these discussions and take active steps—mainly in the form of encrypting them—to prevent potential snoops from reading other people’s interactions.

But now, researchers have devised an attack that deciphers AI assistant responses with surprising accuracy. The technique exploits a side channel present in all of the major AI assistants, with the exception of Google Gemini. It then refines the fairly raw results through large language models specially trained for the task. The result: Someone with a passive adversary-in-the-middle position—meaning an adversary who can monitor the data packets passing between an AI assistant and the user—can infer the specific topic of 55 percent of all captured responses, usually with high word accuracy. The attack can deduce responses with perfect word accuracy 29 percent of the time.

Keep reading

Feds Target Journalist Tim Burke With Law Intended for Hackers

People engaged in journalism frequently acquire information others wish would never see the light of day. This often means gathering tips in violation of workplace rules or through other people’s carelessness. That can result in legal battles and, in the age of technology and cybercrime, in governments coming after the curious with tools crafted for malicious hackers. All this appears to be the case with Tim Burke, who has been targeted with a controversial law by the feds after gathering information through electronic means.

“Federal prosecutors in Florida have obtained a disturbing indictment against well-known journalist Tim Burke,” the Freedom of the Press Foundation (FPF) warned last week. “The indictment could have significant implications for press freedom, not only by putting digital journalists at risk of prosecution but by allowing the government to permanently seize a journalist’s computers.”

Specifically, in the February 15 indictment, federal prosecutors say that Burke “intentionally intercepted, endeavored to intercept, and procured another person to intercept and to endeavor to intercept, the contents of a wire, oral, and electronic communication as it was occurring, by means of a device, namely a computer.”

Burke’s home was raided last year after he distributed intercepted video, including outtakes of the rapper Ye (formerly Kanye West) making antisemitic comments during an interview with Tucker Carlson while the host was still with Fox News. Burke has built a reputation with his very online presence and distinctive style. He has also rubbed some people the wrong way with his reporting and, perhaps, the means by which he acquires material. But the prosecutors going after Burke are also accused of resorting to questionable tactics, including invoking the Computer Fraud and Abuse Act, an anti-hacking law.

Keep reading

Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks

An interesting new attack on biometric security has been outlined by a group of researchers from China and the US. PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound [PDF] proposes a side-channel attack on the sophisticated Automatic Fingerprint Identification System (AFIS). The attack leverages the sound characteristics of a user’s finger swiping on a touchscreen to extract fingerprint pattern features. Following tests, the researchers assert that they can successfully attack “up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%.” This is claimed to be the first work that leverages swiping sounds to infer fingerprint information.

Biometric fingerprint security is widespread and widely trusted; one forecast puts the fingerprint authentication market at nearly $100 billion by 2032. However, organizations and individuals have become increasingly aware that attackers may want to steal their fingerprints, so some have started keeping their fingerprints out of sight and have become wary of photos that show their hand details.

Without contact prints or finger detail photos, how can an attacker hope to get any fingerprint data to enhance MasterPrint and DeepMasterPrint dictionary attack results on user fingerprints? One answer is as follows: the PrintListener paper says that “finger-swiping friction sounds can be captured by attackers online with a high possibility.” The source of the finger-swiping sounds can be popular apps like Discord, Skype, WeChat, FaceTime, etc. Any chatty app where users carelessly perform swiping actions on the screen while the device mic is live. Hence the side-channel attack name – PrintListener.

Keep reading

‘Extremely Alarming’ Election Threats Trigger Warning From FBI

An FBI official warned that state election systems are being targeted as the 2024 election approaches, describing the threat environment as “extremely alarming.”

“The threat environment, unfortunately, is very high,” said Tim Langan, executive assistant director for the Criminal, Cyber, Response, and Services Branch of the FBI during a Washington conference with secretaries of state, according to Stateline. “It is extremely alarming.”

Officials said that voter databases could be hacked via phishing or ransomware attacks. They also warned about the rising use of artificial intelligence (AI) that could be used to potentially trick voters, according to the report.

Eric Goldstein, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), told the news outlet that there have been significant advancements that could allow China, North Korea, and Russia to target election systems.

“We are in a really difficult cybersecurity environment right now,” he said. “Every single location is at risk regardless of size, regardless of sector,” he added.

Neither official provided concrete examples in the report. But during the event, Kentucky Republican Secretary of State Michael Adams said that last month a bomb threat was called into the state capitol in Frankfort, saying that explosives would “make sure you all end up dead.” No bombs were found, and eight other state capitols received threats.

Keep reading

AI will increase the number and impact of cyber attacks, intel officers say

The assessment, from the UK’s Government Communications Headquarters, predicted ransomware will be the biggest threat to get a boost from AI over the next two years. AI will lower barriers to entry, a change that will bring a surge of new entrants into the criminal enterprise. More experienced threat actors—such as nation-states, the commercial firms that serve them, and financially motivated crime groups—will likely also benefit, as AI allows them to identify vulnerabilities and bypass security defenses more efficiently.

“The emergent use of AI in cyber attacks is evolutionary not revolutionary, meaning that it enhances existing threats like ransomware but does not transform the risk landscape in the near term,” Lindy Cameron, CEO of GCHQ’s National Cyber Security Centre, said. Cameron and other UK intelligence officials said that their country must ramp up defenses to counter the growing threat.

The assessment, which was published Wednesday, focused on the effect AI is likely to have in the next two years. The chances of AI increasing the volume and impact of cyber attacks in that timeframe were described as “almost certain,” the GCHQ’s highest confidence rating. Other, more-specific predictions listed as almost certain were:

  • AI improving capabilities in reconnaissance and social engineering, making them more effective and harder to detect
  • More impactful attacks against the UK as threat actors use AI to analyze exfiltrated data faster and more effectively, and use it to train AI models
  • Beyond the two-year threshold, commoditization of AI-enabled capabilities improving those of financially motivated and state actors
  • The trend of ransomware criminals and other threat actors already using AI continuing in 2025 and beyond

The area of biggest impact from AI, Wednesday’s assessment said, would be in social engineering, particularly for less-skilled actors.

“Generative AI (GenAI) can already be used to enable convincing interaction with victims, including the creation of lure documents, without the translation, spelling and grammatical mistakes that often reveal phishing,” intelligence officials wrote. “This will highly likely increase over the next two years as models evolve and uptake increases.”

The assessment added: “To 2025, GenAI and large language models (LLMs) will make it difficult for everyone, regardless of their level of cyber security understanding, to assess whether an email or password reset request is genuine, or to identify phishing, spoofing or social engineering attempts.”

Keep reading

Hackers Exploit Third-Party Cookies to Access Google Accounts Without Passwords

Security experts at CloudSEK have reportedly identified a new form of malware that exploits third-party cookies, allowing unauthorized access to Google accounts without the need for passwords.

The Independent reports that the breach, first announced on a Telegram channel by a hacker in October 2023, exploits vulnerabilities in third-party cookies. Specifically, it targets Google authentication cookies, which are normally used to streamline user access without repeated logins.

Hackers have devised a method to extract these cookies, allowing them to bypass password-based security and even two-factor authentication mechanisms to access user accounts.

This exploit is a major risk for all Google accounts as it allows for ongoing access to Google services, even after a user’s password has been changed. An analysis by the cybersecurity firm CloudSEK indicates that several hacking groups are actively experimenting with this technique.

Keep reading

How John Deere Hijacked Copyright Law To Keep You From Tinkering With Your Tractor

Discussions about the repairability of high-tech devices tend to focus on mass-market products: smartphones, laptops, video game consoles, and other commonplace devices. Less apparent is the repairability of tractors, cultivators, combines, and other heavy agricultural equipment that are equally reliant on computers and software. As with smartphone or laptop repairs, farmers and right-to-repair advocates have long complained that agricultural equipment manufacturers have used software to lock owners out of their products. To combat such restrictions, farmers and white-hat hackers have joined in an unlikely alliance to “liberate the tractors.”

As with other types of hardware, such as smart cars, the “techiness” of heavy agricultural machinery has become an impediment to meaningful ownership. Now, companies such as John Deere have vertically integrated the entire ecosystem for equipment, requiring customers to purchase repair services exclusively from dealers and using software to prevent independent repairs. 

Whenever software has been used to prevent the owners of products from altering or repairing their property, groups of ideologically driven individuals have used their skills to circumvent such constraints. Agricultural equipment is no different, and hackers have taken it upon themselves to “jailbreak” or open up the closed software systems that prevent independent repairs. In the words of one such hacker, “We want farmers to be able to repair their stuff for when things go wrong, and now that means being able to repair or make decisions about the software in their tractors.”

Hackers have now developed tools that would give power back to the owners of farm equipment, allowing farmers unversed in handling software to circumvent manufacturers’ software locks and independently make repairs and service their equipment. There’s only one problem with this movement to liberate the tractors: It’s a violation of federal copyright law.

Under Section 1201 of the Digital Millennium Copyright Act (DMCA), anyone who willfully, and for commercial advantage or private financial gain, produces or uses a tool designed to circumvent software intended to keep them out of a system faces up to five years in federal prison and a fine of up to $500,000. Those penalties double for subsequent offenses. This means software developers who build tools to get around John Deere’s software blocks could receive a 10-year prison sentence and a $1 million fine for each time they distribute their tool. Although the Copyright Office has implemented a narrow exception to the law for certain circumstances, a farmer who purchases such a tool could also end up in federal prison.

The Copyright Office technically has the ability to implement broad, permanent exclusions to Section 1201 but has so far refused to act absent expressed congressional authorization. Fortunately, there are some in Congress that recognize this issue and have proposed solutions.

Keep reading

The Digital ID Rollout Is Becoming a Hacker’s Dream

Governments and corporations around the world are showing great enthusiasm in either already implementing, or planning to implement some form of digital IDs.

Ironically, these efforts are presented to citizens not only as making their lives easier through convenience, but also as making sure the personal data contained in these digital IDs is safer in a world teeming with malicious actors.

Opponents have been warning about serious privacy implications, but also argue against the claim that data security actually gets improved.

It would appear they are right – at least according to a report by a cybersecurity firm issued after the hacker attacks happening around the Christmas holiday, something that’s now been dubbed “Leaksmas.”

Not only governments, but hackers as well love digital IDs and huge amounts of personal information all neatly gathered in one place, and, judging by what’s been happening recently, in many instances, sitting there pretty much easily available to them.

And hackers have expressed this love by making digital ID data their primary focus, the firm, Resecurity, said in its report. Resecurity claims that this is a clear fact, and that it was able to discern it by analyzing data dumps once they started appearing on the dark web after the Christmas-time “digital smash-and-grabs.”

In numbers, a staggering 50 million records containing personally identifiable information have surfaced on the dark web. The reason so many stolen datasets reached the black market all at once appears to be “technicalities” related to the time window during which most of the data remains “sellable.”

Keep reading