The rapid integration of large language models (LLMs) into
mobile applications has introduced a new class of credential security risk:
leaked credentials that grant unauthorized access to LLM inference services,
which can cause financial damage to the developer side. Prior work has
studied credential leakage across various platforms, with a primary focus on
Android Apps. However, to date, no empirical study has systematically
investigated how LLM API key leakage occurs in iOS applications.
Developers are increasingly integrating Language Models (LMs)
into their mobile apps to provide features such as chat-based assistants. To
prevent LM misuse, they impose various restrictions, including limits on the
number of queries, input length, and allowed topics. However, if the LM
integration is insecure, attackers can bypass these restrictions and gain
unrestricted access to the LM, potentially harming developers’ reputations
and leading to significant financial losses.
Mobile apps store various types of secrets to support their
functionalities. These include API keys and cryptographic material
to authenticate users and access backend services. Once distributed, attackers
can reverse-engineer the apps, and these secrets become accessible, posing
risks such as data leaks and service abuse.
LLM app stores have seen rapid growth, leading to the
proliferation of numerous custom LLM apps. However, this expansion raises
security concerns. In this study, we propose a three-layer concern framework
to identify the potential security risks of LLM apps, i.e., LLM apps with
abusive potential, LLM apps with malicious intent, and LLM apps with
exploitable vulnerabilities.
Apple AirDrop and Google/Samsung Quick Share are proximity
file-transfer protocols used by over five billion devices, yet their
application-layer security properties remain largely unstudied because both
stacks are proprietary and undocumented.
Autonomous large language model (LLM) based systems have
recently shown promising results across a range of cybersecurity tasks.
However, there is no systematic study on their effectiveness in autonomously
reproducing Linux kernel vulnerabilities with concrete proofs-of-concept (PoCs).
Ransomware is a form of malware designed to encrypt files on
a device, rendering them and the systems that rely on them unusable.
Malicious actors then demand ransom in exchange for decryption.
Accessing information on the supply chain of an artificial
intelligence (AI) system, as well as its individual components and
dependencies, is critical to strengthen cybersecurity of AI. Transparency
and knowledge about AI system composition fosters vulnerability management
and supports cybersecurity risk management.
Linux Kernel Runtime Guard (LKRG) is a Linux kernel module
that performs runtime integrity checking of the kernel and detection of
security vulnerability exploits against the kernel, prevention of and
response to successful attacks, and encrypted remote logging. The project
was founded by Adam 'pi3' Zabrocki, who invited Solar Designer to join, and
we released version 0.0 publicly in 2018 under the Openwall umbrella (announced
as Openwall's most controversial project to date).
Passwords (or phrases) remain a distinct and ubiquitous
authentication factor. They are also widely used to derive encryption keys
for data or other keys. Password cracking is used in security audits,
penetration testing, to recover or gain access to data, keys, or funds, and
for a variety of other purposes.
This talk is based on research conducted for our Linux Kernel
Runtime Guard (LKRG) project, which is a Linux kernel module that performs
runtime integrity checking of the kernel and detection of security
vulnerability exploits against the kernel. Delivery, storage, and processing
of LKRG security events to/on a remote system is a natural extension of LKRG's
functionality. Remote logging is also valuable on its own, including for
troubleshooting and post-mortem analyses of (non-)security incidents, where
the system's local logs might be unavailable, incomplete, or tampered with.
These are the slides on LKRG that we used at CONFidence 2018.
This presentation is updated by LKRG in a nutshell (OSTconf 2020), so you
might want to check that one out as well.
Haswell is an Intel CPU microarchitecture introduced to
market in 2013 with CPUs such as Core i7-4770K (which we used for the
testing mentioned on slide 3). The information on these slides should also
apply to Intel's newer CPUs at least through the end of 2019.
These are the slides on yescrypt that we used at
BSidesLjubljana 2017. In a sense, this presentation is a continuation of
Password security: past, present, future (PHDays 2012, Passwords^12),
Password hashing at scale (YaC 2012), New developments in password hashing:
ROM-port-hard functions (ZeroNights 2012), and yescrypt: password hashing
scalable beyond bcrypt and scrypt (PHDays 2014), so you might want to check
those out as well. Also relevant is our presentation on Energy-efficient
bcrypt cracking (Passwords^14).
These are the slides we used for a lightning talk at PHDays
2015, and here's the corresponding GitHub project. Aleksey also gave a
follow-up talk at PHDays 2016.
You can play the game online in recent web browsers on fast
CPUs (we use JsDOSBox) or offline in DOSBox (which works perfectly even on
slower CPUs) or on bare metal (e.g. by adding it into a FreeDOS image). To
obtain a copy for offline play, simply unzip the PDF file below (yes, you
read this right).
These are the slides we used at PasswordsCon Las Vegas 2014 (colocated
with BSidesLV), Skytalks 2014 (colocated with DEFCON), and FSEC 2014. We
used a much older version of these slides at PasswordsCon Bergen 2013.
These are the slides on yescrypt that we used at PHDays 2014.
In a sense, this presentation is a continuation of Password security: past,
present, future (PHDays 2012, Passwords^12), Password hashing at scale (YaC
2012), New developments in password hashing: ROM-port-hard functions (ZeroNights
2012), and it is continued with yescrypt: large-scale password hashing (BSidesLjubljana
2017), so please check those out as well.
These are the slides we used at NordU2002, CanSecWest /
core02, and FOSDEM 2003 (with updates). (A Polish translation was also used
at Open Source Security 2005.)
These are the slides we used at Passwords^12. You might also
want to see Automatic wordlists mangling rules generation, also presented by
Simon at Passwords^12.
These are the slides we used at Passwords^12. You might also
want to see Distributable probabilistic candidate password generators, also
presented by Simon at Passwords^12.
These are the slides we used at ZeroNights 2012. In a sense,
this presentation is a continuation of Password security: past, present,
future (PHDays 2012, Passwords^12) and Password hashing at scale (YaC 2012),
and it is continued with yescrypt: password hashing scalable beyond bcrypt
and scrypt (PHDays 2014), so please check those out as well.
These are the slides we used at YaC 2012. In a sense, this
presentation is a continuation of Password security: past, present, future (PHDays
2012, Passwords^12) and it is continued with New developments in password
hashing: ROM-port-hard functions (ZeroNights 2012) and yescrypt: password
hashing scalable beyond bcrypt and scrypt (PHDays 2014), so please check
those out as well.
These are the slides we used at PHDays 2012 and Passwords^12
(with major updates). In a sense, this presentation is continued with
Password hashing at scale (YaC 2012) and New developments in password
hashing: ROM-port-hard functions (ZeroNights 2012), so please check those
out as well, although the most relevant material from them has been merged
into the Passwords^12 revision of this presentation.
This presentation/tutorial by Jen "Furry"
Linkova introduces those familiar with IPv4 to IPv6. It covers both "executive"
and highly technical topics, with slight bias on security and privacy.
Robotics is undergoing a significant transformation powered
by advances in high-level control techniques based on machine learning,
giving rise to the field of robot learning.
While Rowhammer has been extensively studied in CPU-based
memory systems, a very recent work by Lin et al. (USENIX Security '25)
extended this line of research to GDDR6 GPU memory, demonstrating the first
Rowhammer bit flips on NVIDIA GPUs.
Zero Knowledge Encryption is a term widely used by vendors of
cloud-based password managers. Although it has no strict technical meaning,
the term conveys the idea that the server, who stores encrypted password
vaults on behalf of users, is unable to learn anything about the contents of
those vaults.
Detecting whether a model has been poisoned is a longstanding
problem in AI security. In this work, we present a practical scanner for
identifying sleeper agent-style backdoors in causal language models.
Confidential Virtual Machines (CVMs), such as AMD SEV-SNP, aim
to protect guest operating systems from an untrusted
host by encrypting state and constraining privileged control. These
platforms promise isolation even in multi-tenant cloud
setups where simultaneous multithreading (SMT) remains enabled.
Open-weight models provide researchers and developers with
accessible foundations for diverse downstream applications. We tested the
safety and security postures of eight open-weight large language models (LLMs)
to identify vulnerabilities that may impact subsequent fine-tuning
and deployment.
Large language models (LLMs) possess extensive knowledge and
question-answering capabilities, having been widely deployed in privacy-sensitive
domains like finance and medical consultation. During LLM inferences, cache-sharing
methods are commonly employed to enhance efficiency by reusing cached states
or responses for the same or similar inference requests.
AI assistants are becoming an integral part of society, used
for asking advice or help in personal and confidential issues. In this paper,
we unveil a novel side-channel that can be used to read encrypted responses
from AI Assistants over the web: the token-length side-channel.
Large Language Models (LLMs) are increasingly deployed in
sensitive domains including healthcare, legal services, and confidential
communications, where privacy is paramount. This paper introduces Whisper
Leak, a side-channel attack that infers user prompt topics from encrypted
LLM traffic by analyzing packet size and timing patterns in streaming
responses.
AMD SEV-SNP offers confidential computing in the form of
confidential VMs, such that the untrusted hypervisor cannot tamper with its
confidentiality and integrity.
Intel's Software Guard eXtensions (SGX) is a hardware feature
in Intel servers that aims to offer strong integrity and confidentiality
properties for software, even in the presence of root-level attackers.
With Battering RAM, we show that even the latest defenses on
Intel and AMD cloud processors can be bypassed. We built a simple, $50
interposer that sits quietly in the memory path, behaving transparently
during startup and passing all trust checks.
Virtualization is a cornerstone of modern cloud
infrastructures, providing the required isolation to customers. This
isolation, however, is threatened by speculative execution attacks which the
CPU vendors attempt to mitigate by extending the isolation to the branch
predictor state.
DDR5 has shown an increased resistance to Rowhammer
attacks in production settings. Surprisingly, DDR5 achieves this without
additional refresh management commands, pointing to the deployment of more
sophisticated in-DRAM Target Row Refresh (TRR) mechanisms.
A lack of accessible data has historically restricted malware
analysis research, and practitioners have relied heavily on datasets
provided by industry sources to advance.
Since the disclosure of the row hammer (RH) attack
phenomenon in 2014, which poses a significant threat to system security, it
has been an active research topic in both industry and academia.
Rowhammer is a hardware vulnerability present in nearly all
computer memory, allowing attackers to modify bits in memory without
directly accessing them.
While conventional backdoor attacks on deep neural networks (DNNs)
assume the attacker can manipulate the training data or process, recent
research introduces a more practical threat model by injecting backdoors
during the inference stage.
Large Language Models (LLMs) are becoming integral components
of complex software systems, where they serve as intelligent agents that can
interpret natural language instructions, make plans, and execute actions
through external tools and APIs.
Rowhammer is a read disturbance vulnerability in modern DRAM
that causes bit-flips, compromising security and reliability. While
extensively studied on Intel and AMD CPUs with DDR and LPDDR memories, its
impact on GPUs using GDDR memories, critical for emerging machine learning
applications, remains unexplored.
Users interact with mobile devices under the assumption
that the graphical user interface (GUI) accurately reflects their
actions, a trust fundamental to the user experience.
We argue that Large language models (LLMs) will soon
alter the economics of cyberattacks. Instead of attacking the most
commonly used software and monetizing exploits by targeting the lowest
common denominator among victims, LLMs enable adversaries to launch
tailored attacks on a user-by-user basis.
Linux kernel vulnerability reproduction is a critical task in
system security. To reproduce a kernel vulnerability, the vulnerable
environment and the Proof of Concept (PoC) program are needed. Most existing
research focuses on the generation of the PoC, while the construction of the
environment is overlooked. However, establishing an effective vulnerable
environment to trigger a vulnerability is challenging.
Content Delivery Networks (CDNs) provide high availability,
speed up content delivery, and safeguard against DDoS attacks for their
hosting websites. To achieve the aforementioned objectives, CDNs design
several back-to-origin strategies that proactively pre-pull resources and
modify HTTP requests and responses.
Command and Control (C2) attacks involve establishing an
encrypted connection between victim machines and C2 servers. Utilizing
image-based C2 makes it more challenging for network security and forensic
analysis, even when firewalls have decryption capabilities enabled.
The reliance of popular programming languages such as Python
and JavaScript on centralized package repositories and open-source software,
combined with the emergence of code-generating Large Language Models (LLMs),
has created a new type of threat to the software supply chain: package
hallucinations. T
Apple silicon is the proprietary ARM-based processor that
powers the mainstream of Apple devices. The move to this proprietary
architecture presents unique challenges in addressing security issues,
requiring huge research efforts into the security of Apple silicon-based
systems. In this paper, we study the security of KASLR, the randomization-based
kernel hardening technique, on the state-of-the-art macOS system equipped
with Apple silicon processors.
To bridge the ever-increasing gap between the fast execution
speed of modern processors and the long latency of memory accesses, CPU
vendors continue to introduce newer and more advanced optimizations. While
these optimizations improve performance, research has repeatedly
demonstrated that they may also have an adverse impact on security.
Since Spectre’s initial disclosure in 2018, the difficulty of
mitigating speculative execution attacks completely in hardware has led to
the proliferation of several new variants and attack surfaces in the past
six years. Most of the progeny build on top of the original Spectre attack’s
key insight, namely that CPUs can execute the wrong control flow transiently
and disclose secrets through side-channel traces when attempting to
alleviate control hazards, such as conditional or indirect branches and
return statements.
The effectiveness of transient execution defenses rests on
obscure model-specific operations that must be correctly implemented in
microcode and applied by software. In this paper, we study branch predictor
invalidation through.
Large language models (LLMs) have significantly enhanced the
performance of numerous applications, from intelligent conversations to text
generation. However, their inherent security vulnerabilities have become an
increasingly significant challenge, especially with respect to jailbreak
attacks.
Cloud storage is ubiquitous: Google Drive, Dropbox, and
OneDrive are household names. However, these services do not provide end-to-end
encryption (E2EE), meaning that the provider has access to the data stored
on their servers. The promise of end-to-end encrypted cloud storage is that
users can have the best of both worlds, keeping control of their data using
cryptographic techniques, while still benefiting from low-cost storage
solutions.
This groundbreaking report unveils the discovery of a technology suite and its connection to Chinese organized crime, money laundering, and human trafficking throughout Southeast Asia.
The core of the RADIUS protocol predates modern secure cryptographic design. Surprisingly, in the two decades since Wang et al. demonstrated an MD5 hash collision in 2004, RADIUS has not been updated to remove MD5. In fact, RADIUS appears to have received notably little security analysis given its ubiquity in modern networks.
In this proof-of-concept (PoC) report, we used Recorded Future Identity Intelligence’s vast trove of information stealer (“infostealer”) malware data to identify consumers of child sexual abuse material (CSAM), surface additional sources, and arrive at geographic and behavioral trends for the most popular sources
This paper introduces novel high-precision Branch Target Injection (BTI) attacks, leveraging the intricate structures of the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) in high-end Intel CPUs.
Virtual Private Networks (VPNs) authenticate and encrypt network traffic to protect users’ security and privacy, and are used in professional and personal settings to defend against malicious actors, circumvent censorship, remotely work from home, etc. It is therefore essential that VPNs are secure.
Subgraph representation learning is a technique for analyzing local structures (or shapes) within complex networks. Enabled by recent developments in scalable Graph Neural Networks (GNNs), this approach encodes relational information at a subgroup level (multiple connected nodes) rather than at a node level of abstraction.