Tag Archive for: Encryption

Scientists install encryption shield to protect advanced Chinese quantum computer from attack

/in


The new methods are to replace the conventional public-key cryptography system, which could be vulnerable in the face of quantum computers with powerful computing capabilities.

01:58

China denies accusations of state-sponsored hacking from US, UK and New Zealand

China denies accusations of state-sponsored hacking from US, UK and New Zealand

The report quoted Dou Menghan, deputy director of the Anhui Quantum Computing Engineering Research Centre, as saying the “anti-quantum attack shield” was developed and used for the first time by Origin Quantum, the developer of the computer named after the Monkey King of Chinese mythology.

“This shows that China’s home-grown superconducting quantum computer can play both offence and defence in the field of quantum computing,” he said.

“This is also an important exploration of the application of new data security technologies in China.”

Origin launched its first superconducting quantum computer in 2020. The next year, the company delivered the 24-qubit Wuyuan second-generation machine – the country’s first practical quantum computer – making China the third country capable of delivering a complete quantum computing system after Canada and the United States.

The third-generation Wukong is powered by a 72-qubit home-grown superconducting quantum chip, also known as the Wukong chip.

In January, the superfast computer opened remote access to the world, attracting global users from countries such as the US, Bulgaria, Singapore, Japan, Russia and Canada to perform quantum computing tasks.

In traditional computing, a bit is the basic unit of information that represents either zero or one. A quantum bit, or qubit, takes it a step further by being able to represent zero, one, or both simultaneously.

Lawmaker urges China to safeguard tech production chain for a quantum edge

Because quantum computers can simultaneously represent multiple possibilities, they hold theoretical potential for significantly faster and more powerful computation compared to the everyday computers we use now.

But the subatomic particles central to this technology are fragile, short-lived and prone to errors if exposed to minor disturbances from the surroundings. Most…

Source…

Apple Chip Flaw Leaks Secret Encryption Keys

/in


The next time you stay in a hotel, you may want to use the door’s deadbolt. A group of security researchers this week revealed a technique that uses a series of security vulnerabilities that impact 3 million hotel room locks worldwide. While the company is working to fix the issue, many of the locks remain vulnerable to the unique intrusion technique.

Apple is having a tough week. In addition to security researchers revealing a major, virtually unpatchable vulnerability in its hardware (more on that below), the United States Department of Justice and 16 attorneys general filed an antitrust lawsuit against the tech giant, alleging that its practices related to its iPhone business are illegally anticompetitive. Part of the lawsuit highlights what it calls Apple’s “elastic” embrace of privacy and security decisions—particularly iMessage’s end-to-end encryption, which Apple has refused to make available to Android users.

Speaking of privacy, a recent change to cookie pop-up notifications reveals the number of companies each website shares your data with. A WIRED analysis of the top 10,000 most popular websites found that some sites are sharing data with more than 1,500 third parties. Meanwhile, employer review site Glassdoor, which has long allowed people to comment about companies anonymously, has begun encouraging people to use their real names.

And that’s not all. Each week, we round up the security and privacy news we don’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Apple’s M-series of chips contain a flaw that could allow an attacker to trick the processor into revealing secret end-to-end encryption keys on Macs, according to new research. An exploit developed by a team of researchers, dubbed GoFetch, takes advantage of the M-series chips’ so-called data memory-dependent prefetcher, or DMP. Data stored in a computer’s memory have addresses, and DMP’s optimize the computer’s operations by predicting the address of data that is likely to be accessed next. The DMP then puts “pointers” that are used to locate data addresses in the machine’s memory cache. These caches can be accessed by an attacker in…

Source…

Apple Silicon Vulnerability Allows Hackers to Extract Encryption Keys

/in


An unpatchable vulnerability has been discovered in Apple’s M-series chips that allows attackers to extract secret encryption keys from Macs under certain conditions, according to a newly published academic research paper (via ArsTechnica).

m1 vs m2 air feature toned down
Named “GoFetch,” the type of cyber attack described involves Data Memory-Dependent Prefetchers (DMPs), which try to predict what data the computer will need next and retrieve it in advance. This is meant to make processing faster, but it can unintentionally reveal information about what the computer is doing.

The paper finds that DMPs, especially the ones in Apple’s processors, pose a significant threat to the security provided by constant-time programming models, which are used to write programs so that they take the same amount of time to run, no matter what data they’re dealing with.

The constant-time programming model is meant to protect against side-channel attacks, or types of attacks where someone can gain sensitive information from a computer system without directly accessing it (by observing certain patterns, for example). The idea is that if all operations take the same amount of time, there’s less for an attacker to observe and exploit.

However, the paper finds that DMPs, particularly in Apple silicon, can leak information even if the program is designed not to reveal any patterns in how it accesses memory. The new research finds that the DMPs can sometimes confuse memory content, which causes it to treat the data as an address to perform memory access, which goes against the constant-time model.

The authors present GoFetch as a new type of attack that can exploit this vulnerability in DMPs to extract encryption keys from secure software. The attack works against some popular encryption algorithms that are thought to be resistant to side-channel attacks, including both traditional (e.g. OpenSSL Diffie-Hellman Key Exchange, Go RSA decryption) and post-quantum (e.g. CRYSTALS-Kyber and CRYSTALS-Dilithium) cryptographic methods.

In an email to ArsTechnica, the authors explained:

Prefetchers usually look at addresses of accessed data (ignoring values of accessed data) and try to guess future addresses that might be useful. The DMP is…

Source…

Apple buffs up iMessage security with quantum computer-proof encryption

/in


iMessage on an Android phone

Dhruv Bhutani / Android Authority

TL;DR

  • Apple is creating a new form of encryption for iMessage.
  • This new layer of encryption aims to prevent harvest now, decrypt later attacks.

Today’s encryption is good enough to defend against most encryption cracking attempts. But will today’s encryption hold up when pitted against more powerful computers in the future? Apple is not waiting to find out and is updating the security protocol for its messaging app to handle attacks from quantum computers.

According to Bloomberg, Apple is introducing a new form of encryption meant for iMessage called PQ3 cryptographic protocol. This new encryption layer will work alongside the company’s existing encryption tools.

PQ3 was designed to prevent what’s known as harvest now, decrypt later attacks. This is an attack where the perpetrator — like a nation-state hacker — extracts as much encrypted data as they can get. They then sit on that data, waiting for a future when quantum computers are powerful and reliable enough to crack the encryption.

The day when quantum computers become capable enough to tear through most encryption is referred to by experts as “Q-day.” There’s no agreement on when Q-day will arrive, with some believing it could happen in the coming decades. Given that Apple is taking this precaution now suggests that the company believes this day will come sooner than later.

Got a tip? Talk to us! Email our staff at [email protected]. You can stay anonymous or get credit for the info, it’s your choice.

Source…