HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ManDeJan

no profile record

Submissions

Kartoffels: Programming game where you write firmware for potatoes

kartoffels.pwy.io
2 points·by ManDeJan·2 years ago·0 comments

Hot Pixels: Frequency, Power, and Temperature Attacks on GPUs and ARM SoCs

arxiv.org
14 points·by ManDeJan·3 years ago·4 comments

comments

ManDeJan
·2 months ago·discuss
This is very exciting to me
ManDeJan
·6 months ago·discuss
Kudos to the Sansec team for manually verifying the results and not flooding maintainers with AI generated bug reports
ManDeJan
·12 months ago·discuss
How does this work with interrupts, say in an embedded context, that execute on the current stack, and that may in some cases, be interrupted themselves. Do you add the maximum stack depth of all interrupt routines that could go off at the same time?
ManDeJan
·2 years ago·discuss
'd you be interested in sharing the discord? :)

I try every year to optimize for speed in zig: https://github.com/ManDeJan/advent-of-code
ManDeJan
·2 years ago·discuss
I read the firmware, it's build with the Arduino IDE and PWM for the heater element is bitbanged and updated from the main loop. Meaning it can easily get stuck sending a MQTT message over wifi when it loses connection, causing the heater to possibly be left on indefinitely.
ManDeJan
·2 years ago·discuss
A neat project for sure but as it stands this has major safety issues. The control logic is able to lock up and keep the boilers heating element in an forever "on" state till something snaps. I couldn't find a mention of safety in the manual nor see any mechanical safety failsafes in case of overheating.
ManDeJan
·3 years ago·discuss
The drive to create thinner, lighter, and more energy efficient devices has resulted in modern SoCs being forced to balance a delicate tradeoff between power consumption, heat dissipation, and execution speed (i.e., frequency). While beneficial, these DVFS mechanisms have also resulted in software-visible hybrid side-channels, which use software to probe analog properties of computing devices. Such hybrid attacks are an emerging threat that can bypass countermeasures for traditional microarchitectural side-channel attacks. Given the rise in popularity of both Arm SoCs and GPUs, in this paper we investigate the susceptibility of these devices to information leakage via power, temperature and frequency, as measured via internal sensors. We demonstrate that the sensor data observed correlates with both instructions executed and data processed, allowing us to mount software-visible hybrid side-channel attacks on these devices. To demonstrate the real-world impact of this issue, we present JavaScript-based pixel stealing and history sniffing attacks on Chrome and Safari, with all side channel countermeasures enabled. Finally, we also show website fingerprinting attacks, without any elevated privileges.