Tag Archive for: random

NTT advances CPU security with new cache random function


Tokyo – August 16, 2023 – NTT Corporation (NTT), in collaboration with the Research Institute of Electrical Communication, Tohoku University and CASA (Cyber Security in the Age of Large-Scale Adversaries) at Ruhr University Bochum, has developed a dedicated cache random function to eliminate the vulnerability caused by cache-induced differences in delay that arise when data is acquired and updated between CPU memories. This research contributes to the realization of a highly secure CPU that prevents information leakage due to cache attacks.

NTT designed and proposed the Secure Cache Randomization Function (SCARF) for cache index randomization and, by providing design guidelines for cache randomization functions, formulated what type of function is suitable for randomizing the cache index. This paper will be accepted and presented at USENIX Security ’23 in Anaheim, which will be held from August 9th to August 11th, 2023.

Key Points:

  • Modeling attackers to perform cache attacks
  • Design of a concrete function SCARF dedicated to cache index randomization
  • An efficient and secure design theory against modeled attackers is realized using a tweakable block cipher

Background of Research:

Current CPUs use cache memory to reduce the impact of the delay required to transfer data between CPU memories: data that has been used is placed near the CPU, which accelerates subsequent references. Data referenced once can be referenced at high speed from the next time onward, but this also makes that information available to attackers. Attacks that exploit this information are called cache attacks; they cause a real vulnerability, and countermeasures are needed. In particular, contention-type cache attacks, which result from contention for the cache between the target program and the attack program, are recognized as a real threat because they impose fewer prerequisites on attackers.

Randomization of the cache index is a promising countermeasure against contention-based cache attacks. Randomization is thought to make it impossible for an attacker to exploit the cache, because the attacker cannot determine the cache index used by a target address, but it has not been known what level of implementation is…


Random: This Pokémon Crystal Bug Lets You Hack Game Boys Over The Internet



If you’ve not heard of the Mobile Game Boy Adapter, we don’t blame you. This Japan-only Game Boy peripheral can connect to a Japanese mobile phone and play certain Game Boy games online. They didn’t sell very well back in the day, but trust fans to track this peripheral down to find an unusual way of using it. And, a security researcher has managed to use the adapter and Pokémon Crystal to take control of an opponent’s Game Boy remotely.

In a chat with Vice’s tech column Motherboard, Xcellerator shared his fascination with retro tech. So, with the annual Binary Golf Grand Prix — a competition to find “the smallest file which will crash a specific program” — Xcellerator wanted to use this adapter in his entry. Instead, what he ended up discovering was what he thinks is the very first case of ‘remote code execution’ (a hack where you can run any kind of code on a target device) using a Game Boy Color.

The process was pretty lengthy for Xcellerator, as detailed over on his blog, but the gist of it is that it takes advantage of a bug in the Japanese version of Pokémon Crystal. This allowed the security researcher to trick the Game Boy into reading a different part of code — one that he managed to get inside the system. And it’s this exploit that allowed Xcellerator to control the Game Boy on the other end of the internet.

This ‘hack’ doesn’t just let you control your opponent’s Game Boy — you can also beat them by triggering the code for “no health” to just instantly wipe a Pokémon. Ouch!

Believe it or not, Xcellerator hadn’t even heard of the adapter before attempting to enter the Binary Golf Association’s Grand Prix. But because this isn’t a crash (binary), and it’s not a small feat, this is sadly not eligible. But it’s fascinating how a 22-year-old game still has unusual, complicated tricks hiding in its cartridge — with a lot of steps.



Canada Resumes Mandatory Random COVID-19 Testing for International Arrivals


Canada has resumed mandatory random testing for COVID-19 for international arrivals entering by air. The government had previously paused the testing on June 11, 2022, as part of a broader strategy to transition testing for air travelers outside of the airports.

Mandatory random testing will resume as of July 19, 2022, for travelers who qualify as fully vaccinated, arriving in Canada by air to the four major Canadian airports, Vancouver, Calgary, Montreal and Toronto. To qualify as a fully vaccinated traveler to Canada, travelers must have been vaccinated with a primary series of a COVID-19 vaccine accepted by the Government of Canada for the purpose of travel at least 14 calendar days before entering Canada.

All testing for air travelers, for both those who qualify as fully vaccinated and partially or unvaccinated people, will be completed outside of airports, either via an in-person appointment at select testing provider locations and pharmacies, or a virtual appointment for a self-swab test. Travelers who do not qualify as fully vaccinated, unless exempt, must continue to test on Day 1 and Day 8 of their mandatory 14-day quarantine.

Moving testing outside of airports will support testing for travelers arriving by air while still being able to monitor and quickly respond to new variants of concern, or changes to the epidemiological situation. Mandatory random testing continues at land border points of entry, with no changes.

Air travelers who qualify as fully vaccinated and who are selected for mandatory random testing, as well as air travelers who do not qualify as fully vaccinated, will receive an email notification within 15 minutes of completing their customs declaration. The email will contain information to help them arrange for their test with a testing provider in their region. Unvaccinated travelers can complete their tests by a virtual appointment or an in-person appointment with the test provider at their store or at select pharmacies and still respect their quarantine requirements.

All travelers must continue to use ArriveCAN (free mobile app or website) to provide mandatory travel information within 72 hours before their arrival in Canada, and/or before boarding a…


Hacking group Squad303 creates tool to send random Russian phones anti-war messages


“We the people of the world have a message to the Russian nation. A nation that is to pay a huge price because of the shameful decision of the dictator Putin to attack an independent Ukraine by armed forces,” the website states.

“However, nearly 150 million Russians do not know the truth about the causes or course of the war in Ukraine. It is fed with the lies of the Kremlin propaganda. There is no free media in Russia and the internet is censored.”

When one of the sending options is clicked on, a random recipient is chosen and a stock message from a selection is pre-populated in Russian for sending with a single click.

One potential email message describes the Ukraine invasion as a “fatal step” leading to huge human losses that undermines the foundations of international security.

“The responsibility for unleashing a new war in Europe lies entirely with Russia,” it continues.

“There is no rational justification for this war. Attempts to use the situation in Donbass as a pretext for launching a military operation do not inspire any confidence.”

Squad303 said they had received direct evidence that people using the service were doing a “great job”.

“The Kremlin is afraid of you,” they wrote on Twitter.
