side channels – Weekly Geek

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

reader comments 118 The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains temporary physical access to it, researchers said Tuesday. The cryptographic flaw, known as a side channel, resides in a… Read More »

Hackers can force iOS and macOS browsers to divulge passwords and much more

Kim et al. reader comments 49 with Researchers have devised an attack that forces Apple’s Safari browser to divulge passwords, Gmail message content, and other secrets by exploiting a side channel vulnerability in the A- and M-series CPUs running modern iOS and macOS devices. iLeakage, as the academic researchers have named the attack, is practical… Read More »