This article explains the variety of sensors built into modern Android smartphones, how developers access them via the SensorManager API, the required permissions, and analyzes several memory, logic, and side‑channel vulnerabilities that expose user privacy and system integrity.
This article explains why side‑channel attacks threaten SM2, SM3, and SM4 algorithms, describes the vulnerabilities of table‑lookup and double‑and‑add implementations, and presents constant‑time scalar multiplication and selection methods in Go to protect private keys on blockchain platforms.
This article explains the Spectre hardware side‑channel vulnerability, its exploitation via speculative execution and cache timing, demonstrates simple JavaScript attacks, and reviews various browser mitigation strategies such as cache‑control headers, disabling high‑resolution timers, COOP, COEP, and CORB to reduce attack surface.
An imaginative tale reveals how two covert agents exploit the Linux kernel’s DelayedACKLost counter via /proc/net/netstat, using it to infer TCP sequence numbers and perform a side‑channel hijack, while illustrating the underlying delayed ACK mechanism, related kernel functions, and the security implications of this hidden metric.
Researchers demonstrate that even computers isolated from networks can exfiltrate secret data by modulating fan speed to create vibrations that a nearby smartphone’s accelerometer can capture and decode, revealing a new low‑bandwidth side‑channel attack called AiR‑ViBeR.
The article explains the Meltdown vulnerability affecting Intel CPUs, detailing how malicious unprivileged code can exploit out‑of‑order execution and a Flush+Reload side‑channel to read kernel memory, describing the attack path, secret channel construction, page‑fault handling, probe array setup, and code examples.
