Two technical papers were published by researchers at Georgia Tech and Ruhr University Bochum detailing CPU side-channel attack vulnerabilities on Apple devices that could reveal confidential data. FL...

: Doing a simple system reset may not be enough to save you from fines and lawsuits

NVIDIA urges ECC activation to mitigate GPUHammer, a RowHammer exploit threatening AI accuracy and data integrity on GPUs.

Supply chain vulnerabilities, hardware attacks, and communications hacks are rife. Autonomous technology poses extra threats.

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.

Discover the 2025 most important hardware security weaknesses. Learn how to leverage this list to strengthen your security program.

YouTube video by A Bit of Security, by William J. Malik

Multi-die assemblies enable more analog content, but that adds new security vulnerabilities for which there is little available research.

In this video, Arun, an offensive security expert at Intel, discusses the lessons learned from organizing "Hack@DAC," the world's largest hardware hacking competition. He is joined by his colleagues Harish and Jason, as well as two prominent professors, JV Rajendran from Texas A&M University and Ahmed Sadek from TU Darmstadt in Germany. The team also collaborates with PhD students and industry partners like Synopsys. Arun begins by explaining the main challenges in hardware security: low awareness of hardware weakness types, lack of security tools for hardware, and the high cost of fixing hardware bugs. He emphasizes the importance of detecting and fixing bugs during the RTL (Register Transfer Level) design phase, which is essentially the hardware's source code. To illustrate these challenges, Arun presents a hypothetical System on Chip (SoC) example, showing how security features are implemented in hardware. He provides concrete examples of hardware vulnerabilities, such as flaws in cryptographic key management, and explains how these flaws can be exploited by attackers. He highlights the need to create more security-aware automated design tools to detect these flaws. The video then details the organization of the Hack@DAC competition. The competition is structured in two phases: an offline phase where participants analyze a buggy chip design, and a live phase where finalists use advanced cloud-based tools to detect additional bugs. Participants must identify security flaws, propose mitigations, and evaluate the impact of these flaws, mimicking the work of a full-time security researcher. Arun highlights the benefits of the competition for participants, who gain practical experience in hardware security and develop a hacker mindset. The competition has also created a benchmark for testing hardware security tools, which was previously non-existent. In conclusion, Arun summarizes the key takeaways: raising awareness about hardware security, creating secure automated design tools, and adopting a "shift left" mentality to detect and fix bugs during the design phase. He also mentions the collaboration with MITRE to integrate hardware weaknesses into the Common Weakness Enumeration (CWE), and the positive impacts of the competition on the industry and academia. For more details, watch the full video: https://www.youtube.com/watch?v=IC-BB7HEor8

Black Hat USA 2025 addresses AI security, hardware vulnerabilities, and policy changes at the cybersecurity industry's most critical annual gathering in Las Vegas.As we approach the 28th anniversary o...

Lack of security metrics, and the increasing adoption of chiplets, 2.5D architectures, and AI all complicate security.

The TDL webinar autumn series continues with a renewed look at the challenges that have evolved in association with the security of hardware.

Cryptographic Hardware and Embedded Systems