{"id":333,"date":"2022-01-10T13:13:04","date_gmt":"2022-01-10T11:13:04","guid":{"rendered":"https:\/\/kasper-oswald.de\/gb\/?page_id=333"},"modified":"2022-01-10T20:58:33","modified_gmt":"2022-01-10T18:58:33","slug":"cves-vulnerabilities","status":"publish","type":"page","link":"https:\/\/kasper-oswald.de\/gb\/research\/cves-vulnerabilities\/","title":{"rendered":"CVEs &amp; Vulnerabilities"},"content":{"rendered":"<div class=\"row\"><div class=\"column element12\"><div class=\"content typography\"><p>In the course of our research activities, team members of Kasper &amp; Oswald have discovered and reported a number of security issues and vulnerabilities:<\/p>\n<h1 id=\"section\">2021<\/h1>\n<ul>\n<li>\n        <a href=\"https:\/\/zt-chen.github.io\/voltpillager\/\">VoltPillager<\/a> fault attacks on Intel SGX<\/li>\n<li>STM8 bootloader fault injection vulnerability: <a href=\"https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/download\/8727\/8327\/\">paper<\/a><\/li>\n<li>NXP LPC1xxx series bootloader vulnerability: <a href=\"https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/download\/8727\/8327\/\">paper<\/a><\/li>\n<li>To be published: <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44421\">CVE-2021-44421<\/a><\/li>\n<\/ul>\n<h1 id=\"section-1\">2020<\/h1>\n<ul>\n<li>\n        <a href=\"https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/8546\">Attacks<\/a> on DST80 automotive cipher: Toyota, Kia, Hyundai and Tesla<\/li>\n<li>\n        <a href=\"https:\/\/platypusattack.com\/\">PLATYPUS<\/a> side-channel attacks on Intel CPUs: CVE-2020-8694 and CVE-2020-8695<\/li>\n<li>\n        <a href=\"https:\/\/platypusattack.com\/\">PLATYPUS<\/a> side-channel attacks on AMD: CVE-2020-12912<\/li>\n<li>Intel SGX SDK:  <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-0561\">CVE-2020-0561<\/a><\/li>\n<li>Microsoft Open Enclave: <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-15107\">CVE-2020-15107<\/a><\/li>\n<li>Fortanix-EDP: Rust compiler patch: <a href=\"https:\/\/jovanbulck.github.io\/files\/acsac20-fpu.pdf\">paper<\/a><\/li>\n<li>Samsung Secure Folder: <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-26606\">CVE-2020-26606<\/a><\/li>\n<li>Huawei Private Space: <a href=\"https:\/\/www.huawei.com\/en\/psirt\/security-advisories\/huawei-sa-20201202-01-smartphone-en\">CVE-2020-9119<\/a><\/li>\n<\/ul>\n<h1 id=\"section-2\">2019<\/h1>\n<ul>\n<li>\n        <a href=\"https:\/\/plundervolt.com\/\">Plundervolt<\/a> fault attacks on Intel SGX: <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-11157\">CVE-2019-11157<\/a><\/li>\n<li>Intel SGX SDK: <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-14565\">CVE-2019-14565<\/a><\/li>\n<li>Microsoft Open Enclave: <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0876\">CVE-2019-0876<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-1369\">CVE-2019-1369<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-1370\">CVE-2019-1370<\/a><\/li>\n<li>Fortanix-EDP: Rust compiler patch: <a href=\"https:\/\/people.cs.kuleuven.be\/%7Ejo.vanbulck\/ccs19-tale.pdf\">paper<\/a><\/li>\n<\/ul>\n<h1 id=\"section-3\">2018<\/h1>\n<ul>\n<li>Attacks on the AUT64 automotive cipher: <a href=\"https:\/\/www.cs.bham.ac.uk\/%7Egarciaf\/publications\/aut64.pdf\">paper<\/a><\/li>\n<\/ul>\n<h1 id=\"section-4\">2017<\/h1>\n<ul>\n<li>Attacks on Dexcom G4 Continuous Glucose Monitoring System: <a href=\"https:\/\/www.usenix.org\/conference\/woot17\/workshop-program\/presentation\/reverberi\">paper<\/a><\/li>\n<\/ul>\n<h1 id=\"section-5\">2016<\/h1>\n<ul>\n<li>Attacks on VW group and Hitag 2 car keys: <a href=\"https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/garcia\">paper<\/a><\/li>\n<\/ul>\n<h1 id=\"section-6\">2015<\/h1>\n<ul>\n<li>Side-channel attacks on Maxim DS28E01 and DS2432: <a href=\"https:\/\/www.cs.bham.ac.uk\/%7Eoswalddf\/publications\/cardis_2015_sha1_paper.pdf\">paper<\/a><\/li>\n<\/ul>\n<h1 id=\"section-7\">2014<\/h1>\n<ul>\n<li>Side-channel attacks on Altera Stratix III FPGAs bitstream encryption: <a href=\"https:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.436.1400&amp;rep=rep1&amp;type=pdf\">paper<\/a><\/li>\n<\/ul>\n<h1 id=\"section-8\">2013<\/h1>\n<ul>\n<li>Side-channel attacks on Altera Stratix II FPGA bitstream encryption: <a href=\"https:\/\/perso.univ-st-etienne.fr\/bl16388h\/salware\/Bibliography_Salware\/FPGA%20Bistream%20Security\/Article\/Moradi2013.pdf\">paper<\/a><\/li>\n<li>Side-channel attacks on the Yubikey 2: <a href=\"http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.642.5552&amp;rep=rep1&amp;type=pdf\">paper<\/a><\/li>\n<li>Attacks on the SimonsVoss digital locking system 3060 G2: <a href=\"https:\/\/eprint.iacr.org\/2013\/598.pdf\">paper<\/a><\/li>\n<\/ul>\n<h1 id=\"section-9\">2011<\/h1>\n<ul>\n<li>Side-channel attacks on the DESFire MF3ICD40 RFID card: <a href=\"https:\/\/www.iacr.org\/archive\/ches2011\/69170208\/69170208.pdf\">paper<\/a><\/li>\n<li>Side-channel attacks on Xilinx Virtex II FPGA bitstream encryption: <a href=\"https:\/\/eprint.iacr.org\/2011\/390.pdf\">paper<\/a><\/li>\n<\/ul>\n<h1 id=\"section-10\">2008<\/h1>\n<ul>\n<li>Side-channel attacks on Keeloq door openers: <a href=\"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-85174-5_12.pdf\">paper<\/a><\/li>\n<\/ul>\n<\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"parent":8,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/kasper-oswald.de\/gb\/wp-json\/wp\/v2\/pages\/333"}],"collection":[{"href":"https:\/\/kasper-oswald.de\/gb\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/kasper-oswald.de\/gb\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/kasper-oswald.de\/gb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kasper-oswald.de\/gb\/wp-json\/wp\/v2\/comments?post=333"}],"version-history":[{"count":2,"href":"https:\/\/kasper-oswald.de\/gb\/wp-json\/wp\/v2\/pages\/333\/revisions"}],"predecessor-version":[{"id":343,"href":"https:\/\/kasper-oswald.de\/gb\/wp-json\/wp\/v2\/pages\/333\/revisions\/343"}],"up":[{"embeddable":true,"href":"https:\/\/kasper-oswald.de\/gb\/wp-json\/wp\/v2\/pages\/8"}],"wp:attachment":[{"href":"https:\/\/kasper-oswald.de\/gb\/wp-json\/wp\/v2\/media?parent=333"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}