vegeta@lemmy.world to Technology@lemmy.worldEnglish · 2 months agoHackers can steal 2FA codes and private messages from Android phonesarstechnica.comexternal-linkmessage-square48linkfedilinkarrow-up1241arrow-down117cross-posted to: hackernews@lemmy.bestiver.se
arrow-up1224arrow-down1external-linkHackers can steal 2FA codes and private messages from Android phonesarstechnica.comvegeta@lemmy.world to Technology@lemmy.worldEnglish · 2 months agomessage-square48linkfedilinkcross-posted to: hackernews@lemmy.bestiver.se
minus-squareA Basil Plant@lemmy.worldlinkfedilinkEnglisharrow-up7·edit-22 months agoYou can implement a counting-thread that’s even more precise than the CPU’s timer (TSC on x86) platforms. This was shown in attacks on Intel SGX, where the rdtsc instruction to access the time-stamp counter is unavailable. https://link.springer.com/chapter/10.1007/978-3-319-60876-1_1 https://arxiv.org/pdf/1702.08719 If you remove access to the timer, attackers will simply build one.
You can implement a counting-thread that’s even more precise than the CPU’s timer (TSC on x86) platforms. This was shown in attacks on Intel SGX, where the rdtsc instruction to access the time-stamp counter is unavailable.
https://link.springer.com/chapter/10.1007/978-3-319-60876-1_1
https://arxiv.org/pdf/1702.08719
If you remove access to the timer, attackers will simply build one.