🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Our latest work, #ZenHammer 🔨, shows that #AMD Zen 2/3/4 systems are equally vulnerable to frequency-based #Rowhammer as #Intel systems. We also present the first #Rowhammer bit flips on #DDR5 DRAM. (1/2)

ETH researchers found a way to exploit the #EasyRide function of the Swiss Federal Railways (#SBB) app to travel for free on trains, but also proposed solutions to prevent such #Manipulation. 📱 brnw.ch/21wJN5v Michele Marazzi #LocationData

ETH-Forschende haben einen Weg gefunden, die #EasyRide-Funktion der SBB-App für Gratisfahrten zu missbrauchen, aber auch Lösungen vorgeschlagen, um solche #Manipulationen zu verhindern. 📱 brnw.ch/21wJN5F Michele Marazzi #Positionsdaten

With RISC-H, we demonstrate the first Rowhammer bit flips on a high-end RISC-V CPU! We had to devise a novel method to order memory requests and carefully characterize the system to avoid bottlenecks comsec.ethz.ch/wp-content/fil… presented @ DRAMSec (ISCA) with Kav :)

Had lots of fun today at DRAMSec (RowhammerSec?) with Kav, Stefan Saroiu, and @mointweets, among others. Definitely great discussions and questions from some very active participants. If you haven't yet, checkout the papers at dramsec.ethz.ch

Yesterday was the last day for ISCA'24. It has been an amazing event, full of good discussions and ideas. The organizers did an amazing job and the community impressed me for the openness in discussing projects. You should submit your work to ISCA'25! ISCA

Vuoi conoscere tutti gli speaker e i talk che verranno presentati durante i 3 giorni del MOCA2024? Trovi tutto al link: moca.camp/speaker-talk/i… Cosa aspetti ad acquistare il tuo biglietto? Sarà un MOCA straordinario! #MOCA2024 #MOCA #MetroOlografixCamp #MetroOlografix #hacker

We define 𝜇CFI, a new CPU security property that detects microarchitectural constant time violations and CPU vulnerabilities that allow control-flow-hijacking attacks (4 RISC-V CVEs) or proves their absence: comsec.ethz.ch/research/hardw… (Paper at CCS'24) Flavien Solt Kav

Confused deputy attacks on EDA software generate vulnerable hardware from secure RTL. TransFuzz discovers 20 such translation bugs in open-source EDA (25 CVEs). Will be presented at USENIX Security '25. comsec.ethz.ch/wp-content/fil… Kav Kathi Ceesay-Seitz

HW defenses against Spectre are tricky: they need to be applied correctly by the SW, and we need to trust that the HW does what its supposed to. Our latest work "Breaking the Barrier" exploits loopholes in both of these issues on Intel and AMD parts. comsec.ethz.ch/breaking-the-b…

Guess what? #IBPB (the speculation barrier) was broken in microcode for return instructions on the latest Intel CPUs. Linux also used it wrongly for AMD CPUs, so we could revive #Inception!

In less significant news, we have an open PhD position in COMSEC at ETH. We like low-level hw/sw with a security twist (think CPU/DRAM/RTL/browser/kernel). If you enjoy collaboration and want to see how deep the rabbit hole goes, send us your application! jobs.ethz.ch/job/view/JOPG_…

long embargo, but there is a demo with good music at least: youtu.be/jrsOvaN7PaA

🚨 New Rowhammer paper 🔨 Our latest work McSee reveals that Intel & AMD CPUs don't use DDR5's RFM cmds 🚫 and Intel uses pTRR on client CPUs 💥 Meet McSee, our oscilloscope-based platform that exposes hidden DDR4/5 behaviors 🧐 👉 comsec.ethz.ch/mcsee #Rowhammer #Security