vegeta@lemmy.world to Technology@lemmy.worldEnglish · 1 day agoHackers can steal 2FA codes and private messages from Android phonesarstechnica.comexternal-linkmessage-square38fedilinkarrow-up1202arrow-down115cross-posted to: android@lemdro.id
arrow-up1187arrow-down1external-linkHackers can steal 2FA codes and private messages from Android phonesarstechnica.comvegeta@lemmy.world to Technology@lemmy.worldEnglish · 1 day agomessage-square38fedilinkcross-posted to: android@lemdro.id
minus-squareChaosMonkey@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up12·13 hours agoThat wouldn’t be too bad. There could be a new permission for precise time.
minus-squareA Basil Plant@lemmy.worldlinkfedilinkEnglisharrow-up3·edit-25 hours agoYou can implement a counting-thread that’s even more precise than the CPU’s timer (TSC on x86) platforms. This was shown in attacks on Intel SGX, where the rdtsc instruction to access the time-stamped counter is unavailable. https://link.springer.com/chapter/10.1007/978-3-319-60876-1_1 https://arxiv.org/pdf/1702.08719 If you remove access to the timer, attackers will simply build one.
That wouldn’t be too bad. There could be a new permission for precise time.
You can implement a counting-thread that’s even more precise than the CPU’s timer (TSC on x86) platforms. This was shown in attacks on Intel SGX, where the rdtsc instruction to access the time-stamped counter is unavailable.
https://link.springer.com/chapter/10.1007/978-3-319-60876-1_1
https://arxiv.org/pdf/1702.08719
If you remove access to the timer, attackers will simply build one.