After more than a year of embargo we can now show you how speculative attacks can extract sensitive information from the Safari browser on Apple platforms. Check out our latest paper ileakage.com. Great work by Jason Kim, Stephan van Schaik and Yuval Yarom.

Also we now have a group website architecture.fail

iLeakage: Speculative execution attack on Safari, iPhone, iPad and Mac, allowing a hostile website to extract your passwords and other secrets. ileakage.com The only way to be safe is to stop using Safari: At the time of public release, Apple has implemented a

For those wondering if Apple’s iOS/iPadOS 17.1 and macOS 14.1 released yesterday protect against ileakage.com? We took a look for you, the answer is no. Devices are still vulnerable.

Goodbye WOOT the Workshop, hello WOOT the Conference! Excited to be a part of this legacy and this new beginning.

WOOT! Big news! Starting 2024 WOOT will be @USENIX WOOT Conference on Offensive Technologies! WOOT '24 will be on August 12-13 2024, colocated with USENIX Security WOOT '24 will be co-chaired by Alyssa Milburn (Intel) and Adam Doupé (Arizona State University <= corrected!) usenix.org/conference/woo…

Microarchitectural unboxing: check out our new demo for breaking two factor authentication using iLeakage. Yes you heard it, speculative execution attacks on Apple’s M3 Macs and latest Safari that defeat Facebook’s 2FA over SMS. ileakage.com

I'm very thankful to the Sloan Foundation for recognizing my research. Could not have done it without my awesome students, great collaborators, and wonderful mentors. Checkout our research group that made this possible at architecture.fail

Ever wondered what happens when side-channel resistant code meets a fancy prefetcher? Checkout our paper breaking constant time crypto on Apple CPUs. gofetch.fail Joint work with Boru Chen, yingchen wang, Pradyumna Shome (pradyumna.bsky.social), Chris Fletcher, David Kohlbrenner, Riccardo Paccagnella

GoFetch.fail happening now Real World Crypto. Come see Boru Chen (Boru Chen) talking about breaking constant time crypto using fancy prefetchers on Apple CPUs

Excited to present "Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor" at ASPLOS with Archit Agarwal, Max Christman, Christina Garman, Daniel Genkin, Andrew Kwong, Daniel Moghimi, Deian Stefan, Kazem Taram and Dean Tullsen. (1/4)🧵

Have an Apple device from the last few years? We have a new side channel attack for you. Checkout our work at predictors.fail Joint work with Jason Kim, Jalen Chuang and Yuval Yarom (Yuval Yarom). Could not have asked for a better team!

Want to know what happens when commercial TEEs meet improvised DRAM memory interposers? SGX mayhem including attestation key extraction. Please DO try that at home😉. Check out our work at wiretap.fail