Side-Channel Attacks Against LLMs - Schneier on Security

Here are three papers describing different side-channel attacks against LLMs. “Remote Timing Attacks on Efficient Language Model Inference“: Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive body of work (e.g., speculative sampling or parallel decoding) that improves the (average case) efficiency of language model generation. But these techniques introduce data-dependent timing characteristics. We show it is possible to exploit these timing differences to mount a timing attack. By monitoring the (encrypted) network traffic between a victim user and a remote language model, we can learn information about the content of messages by noting when responses are faster or slower. With complete black-box access, on open source systems we show how it is possible to learn the topic of a user’s conversation (e.g., medical advice vs. coding assistance) with 90%+ precision, and on production systems like OpenAI’s ChatGPT and Anthropic’s Claude we can distinguish between specific messages or infer the user’s language. We further show that an active adversary can leverage a boosting attack to recover PII placed in messages (e.g., phone numbers or credit card numbers) for open source systems. We conclude with potential defenses and directions for future work...

Schneier on Security
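The abstract above ends on defenses. One mitigation a provider can apply is to decouple what a network observer sees from what the decoder does: buffer tokens and release fixed-size, padded chunks on a fixed clock, so neither inter-packet timing nor packet size depends on the content. The Python below is an added illustration of that idea with a simulated clock; it is not code from the paper or from the post, and the chunk size, tick interval and framing are assumptions.

```python
"""
Constant-rate, constant-size pacing for a streamed LLM response.

Efficient decoders (speculative sampling, parallel decoding) emit tokens at
data-dependent moments; the abstract above shows that this alone leaks the
topic of a conversation through encrypted traffic.  A pacing layer between
the decoder and the socket hides it: every TICK_MS it sends exactly one
CHUNK_BYTES frame, padded if the buffer is short, split if it is long.
Added example with a logical clock (no real sleeping); not the paper's code.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

CHUNK_BYTES = 64   # fixed on-the-wire payload per frame (assumption)
TICK_MS = 50       # fixed emission interval in milliseconds (assumption)
HEADER = 2         # big-endian length prefix so the receiver can strip padding


@dataclass(frozen=True)
class WireEvent:
    """What a passive observer sees for one frame: when, and how big."""
    time_ms: int
    size: int


def pace(tokens: Iterable[Tuple[int, bytes]], end_ms: int) -> Tuple[List[WireEvent], bytes]:
    """Release one padded frame every TICK_MS from t=0 to end_ms inclusive.

    tokens: (production_time_ms, token_bytes) pairs from the decoder, sorted by
    time.  The schedule depends only on end_ms, never on token timing or text.
    Returns the observable events and the reassembled plaintext (for checking).
    """
    pending = list(tokens)
    buf = bytearray()
    events: List[WireEvent] = []
    plaintext = bytearray()
    for t in range(0, end_ms + 1, TICK_MS):
        # Everything the decoder produced by now becomes eligible to send.
        while pending and pending[0][0] <= t:
            buf += pending.pop(0)[1]
        payload = bytes(buf[: CHUNK_BYTES - HEADER])   # may be empty or a split token
        del buf[: len(payload)]
        frame = len(payload).to_bytes(HEADER, "big") + payload
        frame += b"\x00" * (CHUNK_BYTES - len(frame))   # pad to the constant size
        events.append(WireEvent(t, len(frame)))
        plaintext += payload
    return events, bytes(plaintext)


def same_observable_schedule(a: List[WireEvent], b: List[WireEvent]) -> bool:
    """True when two sessions are indistinguishable by timing and size alone."""
    return a == b
```

The trade-off is latency and bandwidth: the session length is fixed by `end_ms`, and a burst of tokens is spread over several ticks rather than sent at once.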
Watch this video, https://www.youtube.com/watch?v=_6BcuHpp9eU and vote this person as president. #sydbox denies sysvipc(7) API by default, thank me later: https://man.exherbo.org/syd.7.html#Shared_Memory_Hardening #exherbo #linux #security #sidechannel
#NullconBerlin2025 | Derandomizing Kernel Object Locations w Software Hardware-Induced Side Channels

YouTube

I can secure my account as strongly as I like, #MFA, #biometrie, #faceid – sometimes all it takes is a single invoice number to gain access.

https://www.gamepro.de/artikel/psn-account-kann-gehackt-werden-mit-rechnung,3445381.html

A good comparison for explaining a #sidechannel attack on software, I think.

Huge PSN security hole discovered: make just one mistake and your PlayStation account can be hacked - despite two-factor authentication

Measures like 2FA or passkeys are supposed to protect your PSN account from unauthorized access. Instead, a simple invoice is enough to hack it...

GamePro

@kuketzblog The setting exists in https://molly.im/ but not in Signal (Android), Mr. Kuketz.

To fix this completely, it has to be patched by Signal (client + server).

However, the Molly developers also want to provide custom fixes.

https://github.com/mollyim/mollyim-android/issues/646

Signal's response can be found here.

https://github.com/signalapp/Signal-Android/pull/14463#issuecomment-3613869569 

https://archive.is/DNZG9

#sidechannel #CarelessWhisper

P.S.: Signal is still secure. Cool kids use Molly. 😁 Kind regards 🙏

Molly

Molly is an improved Signal app for Android

This is a fascinating use of a #sidechannel timing attack against calls to an #AI model.

By capturing encrypted TLS traffic and measuring timing, they can very accurately determine which streams corresponded to an LLM conversation about a pre-selected topic.

TLS is intact. So their ability to recover the conversation is limited to their ability to break TLS. But they can, with high confidence, sift out all the TLS traffic for the only conversations that reference the thing they care about. They don't have to worry about spending resources breaking TLS on traffic that is unrelated. Neat #security research from #Microsoft.

#cybersecurity #infosec #LLM

Whisper Leak: A novel side-channel attack on remote language models | Microsoft Security Blog

Understand the risks of encrypted AI traffic exposure and explore practical steps users and cloud providers can take to stay secure. Learn more.

Microsoft Security Blog

Limnology exam grading

Good to look at streams and the notes

#academicchatter #Limnology #streams #fry #juveniles #sidechannel

📰 Microsoft 'Whisper Leak' Attack Can Spy on Encrypted AI Chats

🔒 Privacy Alert: Microsoft's 'Whisper Leak' attack can identify AI chat topics even through encryption. By analyzing packet sizes & timing, it spies on conversations with OpenAI, Mistral & more. #AI #Privacy #CyberSecurity #SideChannel

🔗 https://cyber.netsecops.io/articles/microsoft-reveals-whisper-leak-attack-infers-ai-chat-topics-from-encrypted-traffic/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

Microsoft 'Whisper Leak' Attack Can Spy on Encrypted AI Chats

Microsoft researchers detail 'Whisper Leak,' a new side-channel attack that can infer the topic of encrypted AI chat sessions by analyzing network traffic patterns, posing a major privacy risk.

CyberNetSec.io

Side-channel attack on Bluetooth AES

Saw a side-channel attack on Bluetooth AES: "Is Your Bluetooth Chip Leaking Secrets via RF Signals? (via)". With the help of machine learning, collecting side-channel information from one meter away, each encryption yields about 10k sample data points, and 90k samples are enough to recover the key (so that is roughly 9 encrypti...

Gea-Suan Lin's BLOG

Hackers can steal 2FA codes and private messages from Android phones https://arstechni.ca/nGsq #sidechannel #pixnapping #Security #android #privacy #Biz&IT #Google

Hackers can steal 2FA codes and private messages from Android phones

Malicious app required to make “Pixnapping” attack work requires no permissions.

Ars Technica

I presented “NICraft: Malicious NIC Firmware-based Cache Side-channel Attack” at ESORICS 2025.
We show a cache side-channel launched from the NIC itself. We devised new signal amplification (Aging + Domino) to turn small evictions into a clear timing gap. The attack requires no RDMA/DDIO, no kernel/driver mods.
Thank you for attending and for the great discussion!

Slides: https://github.com/amit-choudhari/NICraft/releases/download/slides/NICraft_esorics.pdf
Paper: https://cispa.saarland/group/rossow/papers/nicraft-esorics2025.pdf

With @rossow and Shorya Kumar
#ESORICS #sidechannel #NIC #SmartNIC