TechLetters #159 Light sensor privacy leaks; Data leaks from LLM uses; Cybersecurity plans of a potential US 2025 White House
Security
Data leak from LLM usage. "Vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs". Security/privacy leak of data from AI/LLM systems. Among the affected devices are iPhones. “For each of our threat models, we believe that our results demonstrate two key conclusions: both of our threat models are possible and they could be very difficult to deal with if they did occur”.
Cybersecurity plans for the potential future Republican president. Interesting read, regardless who wins. The plan would be to integrate "cyber and electronic warfare (EW) doctrine and capabilities, abiding by the time-tested norms of combined-arms warfare". Another interesting aspect is irregular warfare. "whole-of-government approach and willingness to employ cyber, information, economic, and counterterrorist irregular warfare capabilities should be utilized to protect the homeland". Including the use of military cyber operations not just during wars but below the threshold of war. "preliminary evidence from the war in Ukraine suggests that existing cyber doctrine and certain capability and target assumptions may be incorrect or misplaced"
Microsoft systems hacked by Russian cyber espionage squad. Hacked "members of senior leadership team, employees in cybersecurity, legal, other functions". Stolen "emails and attached documents".
Privacy
Light sensor leaking private data. Privacy review of ambient light sensors. Data leak risk now validated by external research group. Vindicates my work, and that we did at the W3C Device and Sensors Working Group. Safe setup already in your web browser! The paper post constraints about the safety parameters. Reduced precision crucial to limit the privacy risks. Too much precision allows reconstruction of faces in front of the screen.
IPWE research submission. This year again I'm in the Program Committee of the International Workshop on Privacy Engineering. Submission deadline for scientific papers by March 15th, and Industry talks by April 15th. I'm involved with this venue for some years already.
Other
CERN’s LHCb experiment releases 800TB collision data. Available to anyone. Will they release it all?
In case you feel it's worth it to forward this content further:
Subscribed
If you’d like to share: