Comment on Hackers can steal 2FA codes and private messages from Android phones
majster@lemmy.zip 3 days ago
Never ending side channel attacks. Stallman was right, only 100% FOSS gives you control over your device.
And given that a lot of this stuff is relying on timing the only reliable cure is to make everything slow. But no one wants that. Or maybe getting rid of precise timers in userspace. It would be funny if stopwatch precision was bound to screen refresh rate.
ChaosMonkey@lemmy.dbzer0.com 2 days ago
That wouldn’t be too bad. There could be a new permission for precise time.
ABasilPlant@lemmy.world 2 days ago
You can implement a counting-thread that’s even more precise than the CPU’s timer (TSC on x86) platforms. This was shown in attacks on Intel SGX, where the rdtsc instruction to access the time-stamped counter is unavailable.
link.springer.com/chapter/…/978-3-319-60876-1_1
arxiv.org/pdf/1702.08719
ABasilPlant@lemmy.world 2 days ago
…and there you go:
ccs25files.zoolab.org/main/…/3719027.3765061.pdf
Literally published less than a day ago: