Privacy in the modern era
IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation
Erik Rye and Robert Beverly
[Slides] [Paper] [Code]
Device Tracking via Linux’s New TCP Source Port Selection Algorithm
Moshe Kol, Amit Klein, and Yossi Gilad
[Code] [Paper]
zk-creds: Flexible Anonymous Credentials from zkSNARKs and Existing Identity Infrastructure
Michael Rosenberg, Jacob White, Christina Garman, and Ian Miers
[Paper] [Code]
3 Years in China: A Tale of Building a REAL Full Speed Anti-Censorship Router
KaiJern Lau
[Slides] [Code] [Video]
Embedded [in]security
Embedded Threats: A Deep Dive into the Attack Surface and Security Implications of eSIM Technology
Markus Vervier
[Code] [Video]
RPMB, a secret place inside the eMMC
Sergio Prado
[Blog]
Compromising Garmin’s Sport Watches: A Deep Dive into GarminOS and its MonkeyC Virtual Machine
Tao Sauvage
[Blog] [Video] [Slides]
The Impostor Among US(B): Off-Path Injection Attacks on USB Communications
Robert Dumitru, Daniel Genkin, Andrew Wabnitz, and Yuval Yarom
[Code] [Paper]
MagBackdoor: Beware of Your Loudspeaker as A Backdoor For Magnetic Injection Attacks
Tiantian Liu, Feng Lin, Zhangsen Wang, Chao Wang, Zhongjie Ba, Li Lu, Wenyao Xu, and Kui Ren
[Code] [Paper]
Issues at the operating system level
(Windows) Hello from the Other Side
Dirk-jan Mollema
[Slides] [Code]
Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures
Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger, and Jörg Schwenk
[Paper] [Code]
Dirty Bin Cache: A New Code Injection Poisoning Binary Translation Cache
Koh Nakagawa
[Slides] [Code]
The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders
Willy R. Vasquez, Stephen Checkoway, and Hovav Shacham
[Slides] [Paper] [Code]
Nifty sundries
EverParse: Secure Binary Data Parsers for Everyone
Tahina Ramananandro
[Slides] [Code]
InfinityGauntlet: Expose Smartphone Fingerprint Authentication to Brute-force Attack
Yu Chen, Yang Yu, and Lidong Zhai
[Paper]
It’s (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses
Soheil Khodayari and Giancarlo Pellegrino
[Code] [Paper] [Site]
Can you trust ChatGPT’s package recommendations?
Bar Lanyado, Ortal Keizman, and Yair Divinsky
[Blog]
Phoenix Domain Attack: Vulnerable Links in Domain Name Delegation and Revocation
Xiang Li, Baojun Liu, Xuesong Bai, Mingming Zhang, Qifan Zhang, Zhou Li, Haixin Duan, and Qi Li
[Slides] [Paper]
Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects
Xuewei Feng, Qi Li, Kun Sun, Yuxiang Yang, and Ke Xu
[Website] [Paper]