Connect with us

News

New Cache Side Channel Attack Can De-Anonymize Targeted Online Users

Published

on

Cache Side Channel Attack

A group of academics from the New Jersey Institute of Technology (NJIT) has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor.

“An attacker who has complete or partial control over a website can learn whether a specific target (i.e., a unique individual) is browsing the website,” the researchers said. “The attacker knows this target only through a public identifier, such as an email address or a Twitter handle.”

The cache-based targeted de-anonymization attack is a cross-site leak that involves the adversary leveraging a service such as Google Drive, Dropbox, or YouTube to privately share a resource (e.g., image, video, or a YouTube playlist) with the target, followed by embedding the shared resource into the attack website.

This can be achieved by, say, privately sharing the resource with the target using the victim’s email address or the appropriate username associated with the service and then inserting the leaky resource using an <iframe> HTML tag.

In the next step, the attacker tricks the victim into visiting the malicious website and clicking on the aforementioned content, causing the shared resource to be loaded as a pop-under window (as opposed to a pop-up) or a browser tab — a method that’s been used by advertisers to sneakily load ads.

This exploit page, as it’s rendered by the target’s browser, is used to determine if the visitor can access the shared resource, successful access indicating that the visitor is indeed the intended target.

The attack, in a nutshell, aims to unmask the users of a website under the attacker’s control by connecting the list of accounts tied to those individuals with their social media accounts or email addresses through a piece of shared content.

In a hypothetical scenario, a bad actor could share a video hosted on Google Drive with a target’s email address, and follow it up by inserting this video in the lure website. Thus when visitors land on the portal, a successful loading of the video could be used as a yardstick to infer if their victim is one among them.

anonymity

The attacks, which are practical to exploit across desktop and mobile systems with multiple CPU microarchitectures and different web browsers, are made possible by means of a cache-based side channel that’s used to glean if the shared resource has been loaded and therefore distinguish between targeted and non-targeted users.

Put differently, the idea is to observe the subtle timing differences that arise when the shared resource is being accessed by the two sets of users, which, in turn, occurs due to differences in the time it takes to return an appropriate response from the web server depending on the user’s authorization status.

The attacks also take into account a second set of differences on the client-side that happens when the web browser renders the relevant content or error page based on the response received.

“There are two main causes for differences in the observed side channel leakages between targeted and non-targeted users – a server-side timing difference and a client-side rendering difference,” the researchers said.

Cache Side Channel Attack

While most popular platforms such as those from Google, Facebook, Instagram, LinkedIn, Twitter, and TikTok were found susceptible, one notable service that’s immune to the attack is Apple iCloud.

It’s worth pointing out the de-anonymization method banks on the prerequisite that the targeted user is already logged in to the service. As mitigations, the researchers have released a browser extension called Leakuidator+ that’s available for Chrome, Firefox, and Tor browsers.

To counter the timing and rendering side channels, website owners are recommended to design web servers to return their responses in constant time, irrespective of whether the user is provisioned to access the shared resource, and make their error pages as similar as possible to the content pages to minimize the attacker-observable differences.

“As an example, if an authorized user was going to be shown a video, the error page for the non-targeted user should also be made to show a video,” the researchers said, adding websites should also be made to require user interaction before rendering content.

“Knowing the precise identity of the person who is currently visiting a website can be the starting point for a range of nefarious targeted activities that can be executed by the operator of that website.”

The findings arrive weeks after researchers from the University of Hamburg, Germany, demonstrated that mobile devices leak identifying information such as passwords and past holiday locations via Wi-Fi probe requests.

In a related development, MIT researchers last month revealed the root cause behind a website fingerprinting attack as not due to signals generated by cache contention (aka a cache-based side channel) but rather due to system interrupts, while showing that interrupt-based side channels can be used to mount a powerful website fingerprinting attack.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

News

The Best Recommended Resorts in Nusa Dua Bali

Published

on

The Best Recommended Resorts in Nusa Dua Bali

Nusa Dua is one of Bali’s areas built specifically for tourism in the 1970s. Since then, many luxury hotels and resorts were built everywhere in the Nusa Dua area. For those who want an exciting vacation with family or friends, there are many choices for the bali resort nusa dua .

These accommodations have luxurious facilities ranging from spas, private swimming pools, restaurants, and many more. All resorts in Nusa Dua also have sparkling white sand and calm waves as their view. What are the recommendations for the best resorts in Nusa Dua?

Best Resort Recommendations in Nusa Dua Bali

1. Laguna Resort & Spa

Staying at Laguna Resort & Spa will make you feel very comfortable. When entering the resort, you will be greeted with the sound of a gong and dancers in traditional costumes showing off their artistic talents. Laguna Resort & Spa also provides spacious rooms with large beds and luxurious bathrooms. 

Each room has a tropical garden interspersed with a lagoon pool. This resort also has gym facilities, a spa, and a sumptuous breakfast. There is also a beach bar if you want a cocktail. If you want to stay in a place that offers luxurious facilities and emphasizes local culture, pay a visit to Laguna Resort & Spa. The lodging at this resort is also not so expensive compared to other luxury hotels in Nusa Dua.

2. Resort St. Regis Bali

Located on the sand of Nusa Dua beach, St Regis is the next choice of resort for accommodation options. This resort has a traditional Balinese concept with olive green furnishings. Interestingly, you can swim in a vast lagoon from Resort St. Regis Bali, the size is three times the size of the Olympic swimming pool. 

Furthermore, this resort is also equipped with a thalassotherapy spa. Resort St. Regis Bali also provides a ‘Children’s Learning Center’ facility so parents who bring their children can leave them there. The Children’s Learning Center offers a curriculum to stimulate and entertain children while their parents enjoy the holidays.

3. Hilton Bali Resort

Hilton Bali Resort is perched on a cliff overlooking the beautiful Indian Ocean. You can see Nusa Lembongan clearly from this resort because of its location on a cliff. Hilton Bali Resort is facilitated with a family swimming pool with water slides, an outdoor playground that will make the kids happy, a spa, and a kids club. There are also gazebos and loungers on the private beach. At sunset, there is an observation tower that you and your family can visit to see the fantastic sunset views.

You can visit the lodging recommendations above for those traveling with their family and looking for the best resorts in Nusa Dua, Bali. All of them have extraordinary views with complete and luxurious facilities!

Continue Reading

News

4 Important Tips for Having a Vacation Abroad

Published

on

4 Important Tips for Having a Vacation Abroad

Are you planning to go abroad but still don’t know what to prepare? People dream of going abroad, especially to countries like America and Europe. If this is your first time going abroad, you should check the following tips!

Prepare All Important Documents

The first thing you need to do is prepare important documents. For example, passports, ID cards, visas, and international driving licenses if you are going to drive abroad. Make sure you know whether the country you are going to visit is visa-free or not. For Southeast Asian countries, the Maldives and Turkey are visa-free, so you only have to have a passport. But a visa is still needed if you want to go to South Korea, Europe, or America. Make sure to scan your document and save it in the cloud like Google Drive or iCloud. Oh, yes, remember to check your vaccination status. Because every country needs your health information.

Make Itineraries

Itinerary is important for those who want to travel abroad. The reason is holidays abroad cost a lot of money, so when you can, take advantage of it with a well-planned schedule. Research in detail the tourist destinations you want to visit. For example, what is unique in it, ticket prices, transportation to get there, to the distance from the inn you’re staying. Remember to include places to eat that you want to try. Make sure the place to eat is according to your preferences, such as halal or free of certain food allergies.

Book Tickets in Advance

When you know how long you will be on vacation with the itinerary that has been prepared, it’s time to book plane tickets and lodging. Find cheap tickets by:

  1. Using promos and discounts on travel agent applications.
  2. Comparing which price is lower and what kind of facilities you will get.
  3. Choosing accommodation that fits your budget but is still comfortable.

Oh yes, also remember to check how the pandemic situation is in the country you are going to visit. Do you have to quarantine or not? Because it will affect your itinerary and accommodation. Due to the pandemic conditions that have not fully recovered, check whether there is still Indonesia quarantine after returning from vacation.

Exchange Money and Check Your ATM Cards

Exchange your currency into the destination country’s currency, for example, yen, euros, dollars, won, and others. But remember, don’t carry too much cash because it’s also prone to theft, besides being wasteful. For the rest, you can do cashless transactions. Check your bank’s ATM card to see if it has Visa, MasterCard, or Cirrus logos. This row of stamps indicates that your bank is working with banks abroad. Or you can also use a credit card to make your transaction easier.

Continue Reading

News

Down 43%, Is This Tech Stock Worth Buying Right Now?

Published

on

Down 43%, Is This Tech Stock Worth Buying Right Now?

Skyworks Solutions (NASDAQ: SWKS) announced its fiscal 2022 fourth-quarter results (for the three months ended September 30) on November 3, and the supplier Apple’s stock price has risen 11% since then.

Skyworks beat expectations and showed solid growth at a time when smartphone sales were declining, but forecasts show the chipmaker is about to hit a bump. With that said, let’s take a closer look at the latest results from the chipmaker. Let’s take a closer look at whether the stock can sustain new momentum after losing 43% of its value in 2022.

Skyworks solutions deliver reliable results for non-mobile businesses
Skyworks’ fourth-quarter revenue increased 7% year-over-year to a record $1.4 billion. The company also reported non-GAAP (adjusted) earnings of $3.02 per share, up 15% year-over-year. Skyworks easily justified analyst estimates of $2.91 per share. For the year, the company’s revenue increased 7% to $5.5 billion and earnings rose similarly to $11.24 per share.

The strong growth of chipmakers in the fourth quarter was the result of successful diversification into new markets such as Internet of Things (IoT) and automotive, as well as relationships with major smartphone original equipment manufacturers (OEMs). Yes, it helped make up for it. Weakness in the smartphone market. space. However, it was the non-mobile business that put a lot of effort into Skyworks last quarter.
As CFO Chris Sennesael noted in the report, the company generated $500 million in revenue from broad market segments (counting chip sales for non-mobile applications like IoT), up 30% from the previous year. Last earnings conference call. Broad market companies contributed 36% of Skyworks’ revenue last quarter, up from 29% in the same period last year.

It’s also worth noting that Skyworks earned $2 billion in revenue from this segment for the entire fiscal year. That’s almost 43% more than the $1.4 billion in revenue last fiscal year. The good news is that the company’s business in a wide range of markets can maintain its momentum. This is because, as Skyworks showed in its earnings report, it is attracting new customers in high-growth niches like IoT.

“In IoT, we continue to win new customers and expand our content. We have partnered with Vodafone to launch the UK’s first WiFi 6E platform. We have launched a solution for Fi 6 hotspots.”

Skyworks also enables the deployment of O-RAN (Open Radio Access Network) and delivers record quarterly results in the high-growth automotive business niche. For example, the O-RAN market is expected to grow at an annual rate of 42% until 2030. Meanwhile, according to Mordor Intelligence, the demand for connected cars will grow by 19% per year until 2027.

These catalysts explain why Skyworks expects its broad commercial segment of the market “to be a major driver in FY23 and beyond.”

The mobile business was not in its best last quarter
Skyworks’ mobile business generated approximately $907 million in revenue last quarter (this is total revenue minus $500 million from the broader market business). By comparison, 71% of Skyworks’ $1.31 billion in revenue last year came from its mobile business, worth nearly $931 million.

Thus, the company’s mobile business, which generates most of its revenue, declined year-over-year in the most recent quarter. This is not surprising given that smartphone sales have been declining for the past five quarters. Skyworks considers Apple its biggest client, with the smartphone giant generating 58% of its revenue last year.

Last quarter, Apple shipped 48.5 million smartphones, 6.4% more than last year. However, the overall smartphone market was down 9% year-over-year. And now things could get even worse for Skyworks.

All of this explains why Skyworks management is targeting a sharp drop in sales and profits. The chipmaker expects revenue of $1.3 billion to $1.35 billion and adjusted earnings of $2.59 per share in the first quarter of fiscal 2023. These numbers show double-digit declines in both revenue and earnings compared to the last year.

Continue Reading

Trending