Collaborate Disseminate
Interesting research — "Phantom Attacks Against Advanced Driving Assistance Systems": Abstract: The absence of deployed vehicular communication systems, which prevents the advanced driving assistance systems (ADASs) and autopilots of semi/full… Continue reading Attacking Driverless Cars with Projected Images
Interesting research — "Phantom Attacks Against Advanced Driving Assistance Systems": Abstract: The absence of deployed vehicular communication systems, which prevents the advanced driving assistance systems (ADASs) and autopilots of semi/fully autonomous cars to validate their virtual perception regarding the physical environment surrounding the car with a third party, has been exploited in various attacks suggested by researchers. Since the application… Continue reading Attacking Driverless Cars with Projected Images
New research: "Pterosaurs ate soft-bodied cephalopods (Coleiodea)." News article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here…. Continue reading Friday Squid Blogging: The Pterosaur Ate Squid
SIM hijacking — or SIM swapping — is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification… Continue reading SIM Hijacking
SIM hijacking — or SIM swapping — is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take over other accounts of yours. Sometimes this involves people inside… Continue reading SIM Hijacking
There’s a new, practical, collision attack against SHA-1: In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the co… Continue reading New SHA-1 Attack
There’s a new, practical, collision attack against SHA-1: In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collisions attack against SHA-1: on an Nvidia GTX 970, identical-prefix collisions can now be computed with a complexity of 261.2rather than264.7,… Continue reading New SHA-1 Attack
Interesting taxonomy of machine-learning failures (pdf) that encompasses both mistakes and attacks, or — in their words — intentional and unintentional failure modes. It’s a good basis for threat modeling…. Continue reading Failure Modes in Machine Learning
Interesting research: "TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents": Abstract:: Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time. In this work, we show that these training-time vulnerabilities extend to deep reinforcement learning (DRL) agents and can be exploited by an adversary with access to the training… Continue reading Manipulating Machine Learning Systems by Manipulating Training Data
Really interesting research: TPM-FAIL: TPM meets Timing and Lattice Attacks, by Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger. Abstract: Trusted Platform Module (TPM) serves as a hardware-based root of trust that protects cryptographic keys from privileged system and physical adversaries. In this work, we per-form a black-box timing analysis of TPM 2.0 devices deployed on commodity computers. Our… Continue reading TPM-Fail Attacks Against Cryptographic Coprocessors