Comment on Hackers can steal 2FA codes and private messages from Android phones
majster@lemmy.zip 3 weeks ago
Never ending side channel attacks. Stallman was right, only 100% FOSS gives you control over your device.
And given that a lot of this stuff is relying on timing the only reliable cure is to make everything slow. But no one wants that. Or maybe getting rid of precise timers in userspace. It would be funny if stopwatch precision was bound to screen refresh rate.
ChaosMonkey@lemmy.dbzer0.com 3 weeks ago
That wouldn’t be too bad. There could be a new permission for precise time.
ABasilPlant@lemmy.world 3 weeks ago
You can implement a counting-thread that’s even more precise than the CPU’s timer (TSC on x86) platforms. This was shown in attacks on Intel SGX, where the rdtsc instruction to access the time-stamped counter is unavailable.
link.springer.com/chapter/…/978-3-319-60876-1_1
arxiv.org/pdf/1702.08719
ABasilPlant@lemmy.world 3 weeks ago
…and there you go:
ccs25files.zoolab.org/main/…/3719027.3765061.pdf
Literally published less than a day ago: