Modern Tale of Blinkenlights
Shows how hardware LED patterns can leak sensitive data, enabling side-channel attacks through optical emissions.
This blog post demonstrates how a modern variant of an hardware attack found in the 2000's allowed the extraction of a €12 smartwatch's firmware using only cheap and robust hardware. Damien and Thomas (introduced later in this post) gave a talk on this subject at this year's leHACK edition in Paris.
#SideChannel Attacks Against LLMs
https://www.schneier.com/blog/archives/2026/02/side-channel-attacks-against-llms.html
Here are three papers describing different side-channel attacks against LLMs. “Remote Timing Attacks on Efficient Language Model Inference“: Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive body of work (e.g., speculative sampling or parallel decoding) that improves the (average case) efficiency of language model generation. But these techniques introduce data-dependent timing characteristics. We show it is possible to exploit these timing differences to mount a timing attack. By monitoring the (encrypted) network traffic between a victim user and a remote language model, we can learn information about the content of messages by noting when responses are faster or slower. With complete black-box access, on open source systems we show how it is possible to learn the topic of a user’s conversation (e.g., medical advice vs. coding assistance) with 90%+ precision, and on production systems like OpenAI’s ChatGPT and Anthropic’s Claude we can distinguish between specific messages or infer the user’s language. We further show that an active adversary can leverage a boosting attack to recover PII placed in messages (e.g., phone numbers or credit card numbers) for open source systems. We conclude with potential defenses and directions for future work...
Ich kann meinen Account noch so stark absichern, #MFA, #biometrie, #faceid – es braucht manchmal bloß eine einzige Rechnungsnummer, um Zugang zu erhalten.
https://www.gamepro.de/artikel/psn-account-kann-gehackt-werden-mit-rechnung,3445381.html
Gutes Vergleichsbeispiel, um einen #sidechannel-Angriff auf Software zu erklären, denke ich.
Maßnahmen wie 2FA oder Passkeys sollen euren PSN-Account eigentlich vor Fremdzugriff schützen. Stattdessen reicht eine einfache Rechnung zum Hacken...
@kuketzblog Die Einstellung gibt es bei https://molly.im/ jedoch nicht bei Signal(Android), Herr Kuketz.
Um dies gänzlich zu beheben, muss es von Signal (Client + Server) gepatched werden.
Die Molly-Entwickler wollen jedoch ebenfalls Custom-Fixes bereitstellen.
https://github.com/mollyim/mollyim-android/issues/646
Signals Antwort lässt sich hier finden.
https://github.com/signalapp/Signal-Android/pull/14463#issuecomment-3613869569
P.S.: Signal ist nach wie vor sicher. Coole Kids nutzen Molly. 😁 MfG 🙏
This is a fascinating use of a #sidechannel timing attack against calls to an #AI model.
By capturing encrypted TLS traffic and measuring timing, they can very accurately determine which streams corresponded to an LLM conversation about a pre-selected topic.
TLS is intact. So their ability to recover the conversation is limited to their ability to break TLS. But they can, with high confidence, sift out all the TLS traffic for the only conversations that reference the thing they care about. They don't have to worry about spending resources breaking TLS on traffic that is unrelated. Neat #security research from #Microsoft.
Limnology exam grading
Good to look at streams and the notes
#academicchatter #Limnology #streams #fry #juveniles #sidechannel
📰 Microsoft 'Whisper Leak' Attack Can Spy on Encrypted AI Chats
🔒 Privacy Alert: Microsoft's 'Whisper Leak' attack can identify AI chat topics even through encryption. By analyzing packet sizes & timing, it spies on conversations with OpenAI, Mistral & more. #AI #Privacy #CyberSecurity #SideChannel
藍牙 AES 的 side-channel attack
#aes #attack #bluetooth #channel #encryption #learning #machine #privacy #security #side #SideChannel
kriware 
The New Oil
alip
Tech Jedi Alex
🐦🔥nemo™🐦⬛ 🇺🇦🍉
Paco Hope
Charrvein
CyberNetsecIO
Gea-Suan Lin
Ars Technica News