前沿领域

侧信道

• EUCLEAK：Revealing and Breaking Infineon ECDSA Implementation on the Way Paper
• New Side-Channel Attack on ARM: Implications for IoT Security
• Wireless Charging Power Side-Channel Attacks
• side channels: power analysis
• kbd-audio: Acoustic keyboard eavesdropping (github.com)
• DensePose From WiFi
• Hertzbleed Attack:Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips
• Charger-Surfing: Exploiting a Power Line Side-Channel for Smartphone Information Leakage
• GhostTalk: Interactive Attack on Smartphone Voice System Through Power Line 译文
• GhostTouch: Targeted Attacks on Touchscreens without Physical Touch 译文
• DolphinAttack: Inaudible Voice Commands
• SurfingAttack: 超声波与语音助手交互的隐秘攻击
• 利用激光雷达将小米扫地机器人改造为窃听器
• Light Commands:利用激光向 MEMS 麦克风注入命令
• Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification
• DeWiCam: 基于流量分析的隐藏的偷拍摄像头检测
• 漂亮侧信道：从timeless attack到pipeline的放大攻击
• Security Engineering: A Guide to Building Dependable Distributed Systems,3rd Edition (Chapter 19 Side Channels)
• Keytap3: acoustic keyboard eavesdropping source

故障注入

• Fault Injection - Down the Rabbit Hole
• Can You Get Root With Only a Cigarette Lighter?
• SECGlitcher (Part 1) - Reproducible Voltage Glitching on STM32 Microcontrollers
• Shedding too much Light on a Microcontroller’s Firmware Protection
• ElectronicCats/faultycat: Faulty Cat is a low-cost Electromagnetic Fault Injection (EMFI) tool, designed specifically for self-study and hobbiest research
• How to voltage fault injection
• Exception(al) Failure - Breaking the STM32F1 Read-Out Protection
• Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World?
• CVE-2021-43327 Renesas RX65 Glitching
• ESP32_nRF52_SWD: This software brings you the possibility to Read and Write the internal Flash of the Nordic nRF52 series with an ESP32
• 绕过APPROTECT提取nRF52840固件（CVE-2020-27211复现）
• nRF52 平台芯片电压毛刺注入绕过调试保护
• Bypassing the Renesas RH850/P1M-E read protection using fault injection
• Replicant: Reproducing a Fault Injection Attack on the Trezor One
• BAM BAM!! On Reliability of EMFI for in-situ Automotive ECU Attacks?
• Bypassing the Renesas RH850/P1M-E read protection using fault injection
• Replicant: Reproducing a Fault Injection Attack on the Trezor One 译文
• Flash BASH: A tool which automates glitching and allows for precise timing attacks
• Enter the EFM32 Gecko
• The PocketGlitcher
• nRF52 Debug Resurrection (APPROTECT Bypass) Part 1 Silde
• nRF52 Debug Resurrection (APPROTECT Bypass) Part 2
• Pwn MBedTLS on ESP32: DFA Warm-up
• Attacking USB Gear with EMFI PDF
• Espressif ESP32: Bypassing Secure Boot using EMFI
• Fill your Boots: Enhanced Embedded BootloaderExploits via Fault Injection and Binary Analysis
• Fault Injection - Pin2pwn
• Shedding too much Light on a Microcontroller’s Firmware Protection | USENIX

AI

• Attacking Biometric Systems with 3D Printing
• 实时中文语音克隆——开源项目MockingBird体验

芯片漏洞

• SLAM: Spectre based on Linear Address Masking
• Zenbleed
• ÆPIC Leak
• Meltdown and Spectre