CVEs & Vulnerabilities
In the course of our research activities, team members of Kasper & Oswald have discovered and reported a number of security issues and vulnerabilities:
2021
- VoltPillager fault attacks on Intel SGX
- STM8 bootloader fault injection vulnerability: paper
- NXP LPC1xxx series bootloader vulnerability: paper
- To be published: CVE-2021-44421
2020
- Attacks on DST80 automotive cipher: Toyota, Kia, Hyundai and Tesla
- PLATYPUS side-channel attacks on Intel CPUs: CVE-2020-8694 and CVE-2020-8695
- PLATYPUS side-channel attacks on AMD: CVE-2020-12912
- Intel SGX SDK: CVE-2020-0561
- Microsoft Open Enclave: CVE-2020-15107
- Fortanix-EDP: Rust compiler patch: paper
- Samsung Secure Folder: CVE-2020-26606
- Huawei Private Space: CVE-2020-9119
2019
- Plundervolt fault attacks on Intel SGX: CVE-2019-11157
- Intel SGX SDK: CVE-2019-14565
- Microsoft Open Enclave: CVE-2019-0876, CVE-2019-1369, CVE-2019-1370
- Fortanix-EDP: Rust compiler patch: paper
2018
- Attacks on the AUT64 automotive cipher: paper
2017
- Attacks on Dexcom G4 Continuous Glucose Monitoring System: paper
2016
- Attacks on VW group and Hitag 2 car keys: paper
2015
- Side-channel attacks on Maxim DS28E01 and DS2432: paper
2014
- Side-channel attacks on Altera Stratix III FPGAs bitstream encryption: paper
2013
- Side-channel attacks on Altera Stratix II FPGA bitstream encryption: paper
- Side-channel attacks on the Yubikey 2: paper
- Attacks on the SimonsVoss digital locking system 3060 G2: paper
2011
- Side-channel attacks on the DESFire MF3ICD40 RFID card: paper
- Side-channel attacks on Xilinx Virtex II FPGA bitstream encryption: paper
2008
- Side-channel attacks on Keeloq door openers: paper