From 538799e74724b9773ee34da7ef91f68c3c689927 Mon Sep 17 00:00:00 2001 From: Hcabr027 <101596068+Hcabr027@users.noreply.github.com> Date: Tue, 26 Jul 2022 09:23:04 -0400 Subject: [PATCH 1/4] Update 202 link --- _includes/references.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_includes/references.md b/_includes/references.md index 1fbafac..0c81b72 100644 --- a/_includes/references.md +++ b/_includes/references.md @@ -199,7 +199,7 @@ [^104]: A. Coletta et al., "DroydSeuss: A Mobile Banking Trojan Tracker - A Short Paper", in Proceedings of Financial Cryptography and Data Security 2016, 2016; http://fc16.ifca.ai/preproceedings/14_Coletta.pdf [accessed 8/25/2016] -[^105]: A.P. Felt and D. Wagner, Phishing on Mobile Devices, presented at Web 2.0 Security & Privacy 2011, 26 May 2011; http://w2spconf.com/2011/papers/felt-mobilephishing.pdf [accessed 8/25/2016] +[^105]: A.P. Felt and D. Wagner, Phishing on Mobile Devices, presented at Web 2.0 Security & Privacy 2011, 26 May 2011; https://www.slideserve.com/debbie/one-root-to-own-them-all [accessed 7/26/2022] [^106]: R. Hassell, Exploiting Androids for Fun and Profit, presented at Hack In The Box Security Conference 2011, 12-13 Oct. 2011; http://conference.hitb.org/hitbsecconf2011kul/materials/D1T1 - Riley Hassell - Exploiting Androids for Fun and Profit.pdf [accessed 8/25/2016] From ee2698cb6c5279397b865afff4c385d173030e1a Mon Sep 17 00:00:00 2001 From: Hcabr027 <101596068+Hcabr027@users.noreply.github.com> Date: Tue, 26 Jul 2022 09:42:08 -0400 Subject: [PATCH 2/4] Update link 202 By mistake, I undo link 105 (which was in line 202) when adding the working link to reference 202 the first time. --- _includes/references.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_includes/references.md b/_includes/references.md index 0c81b72..2b7f9da 100644 --- a/_includes/references.md +++ b/_includes/references.md 
@@ -199,7 +199,7 @@ [^104]: A. Coletta et al., "DroydSeuss: A Mobile Banking Trojan Tracker - A Short Paper", in Proceedings of Financial Cryptography and Data Security 2016, 2016; http://fc16.ifca.ai/preproceedings/14_Coletta.pdf [accessed 8/25/2016] -[^105]: A.P. Felt and D. Wagner, Phishing on Mobile Devices, presented at Web 2.0 Security & Privacy 2011, 26 May 2011; https://www.slideserve.com/debbie/one-root-to-own-them-all [accessed 7/26/2022] +[^105]: A.P. Felt and D. Wagner, Phishing on Mobile Devices, presented at Web 2.0 Security & Privacy 2011, 26 May 2011; http://w2spconf.com/2011/papers/felt-mobilephishing.pdf [accessed 8/25/2016] [^106]: R. Hassell, Exploiting Androids for Fun and Profit, presented at Hack In The Box Security Conference 2011, 12-13 Oct. 2011; http://conference.hitb.org/hitbsecconf2011kul/materials/D1T1 - Riley Hassell - Exploiting Androids for Fun and Profit.pdf [accessed 8/25/2016] @@ -385,7 +385,7 @@ [^201]: R. Konoth, V. van der Veen et al., "How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication", in Proceedings of the 20th Conference on Financial Cryptography and Data Security, 2016. -[^202]: J. Forristal, Android: One Root to Own Them All, presented at Blackhat, 2013; https://media.blackhat.com/us-13/US-13-Forristal-Android-One-Root-to-Own-Them-All-Slides.pdf [accessed 8/24/2016] +[^202]: J. Forristal, Android: One Root to Own Them All, presented at Blackhat, 2013; https://www.slideserve.com/debbie/one-root-to-own-them-all [accessed 7/26/2022] [^203]: J. Timmer, "UAE cellular carrier rolls out spyware as a 3G 'update'", Ars Technica, 23 Jul 2009; http://arstechnica.com/business/2009/07/mobile-carrier-rolls-out-spyware-as-a-3g-update/ [accessed 8/23/2016] From 0b7846ef9ebe602cd828a4da87eb86c67904bf19 Mon Sep 17 00:00:00 2001 
From: Hcabr027 <101596068+Hcabr027@users.noreply.github.com> Date: Wed, 3 Aug 2022 11:40:10 -0400 Subject: [PATCH 3/4] Update STA-37.md --- _stack-threats/STA-37.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/_stack-threats/STA-37.md b/_stack-threats/STA-37.md index 5ec23a9..a78f602 100644 --- a/_stack-threats/STA-37.md +++ b/_stack-threats/STA-37.md @@ -5,9 +5,15 @@ ID: STA-37 Threat: Power Glitching ThreatDescription: Power glitching microprocessors are designed to operate from a stable voltage wherein interruptions of the power supply are likely to crash running applications or reset the circuit. A power glitch will affect both the stored and the threshold values. Different internal capacities will cause the values to be influenced differently, possibly resulting in a misinterpretation of the actual value. ThreatOrigin: A Review of Smartcard Security Issues [^212] -ExploitExample: -CVEExample: -PossibleCountermeasures: {} +ExploitExample: Implementing Practical Electrical Glitching Attacks + +CVEExample:CVE-2020-35553 + +PossibleCountermeasures: { +Mobile App Developer +The rigid use of sensors for voltage, frequency and temperature is the most common strategy against power glitching attacks. +Software and application countermeasures implemented to detect and recover from fault injection +Checking the flow decisions and cryptographic results carry out the fault detection} title: STA-37 rawID: 37 --- From f8ddb4300b1293e087f07b98aecb794ff7f0cf79 Mon Sep 17 00:00:00 2001 From: Hcabr027 <101596068+Hcabr027@users.noreply.github.com> Date: Wed, 3 Aug 2022 11:48:10 -0400 Subject: [PATCH 4/4] Update STA-37.md --- _stack-threats/STA-37.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_stack-threats/STA-37.md b/_stack-threats/STA-37.md index a78f602..e141f3a 100644 --- a/_stack-threats/STA-37.md +++ b/_stack-threats/STA-37.md 
@@ -5,7 +5,7 @@ ID: STA-37 Threat: Power Glitching ThreatDescription: Power glitching microprocessors are designed to operate from a stable voltage wherein interruptions of the power supply are likely to crash running applications or reset the circuit. A power glitch will affect both the stored and the threshold values. Different internal capacities will cause the values to be influenced differently, possibly resulting in a misinterpretation of the actual value. ThreatOrigin: A Review of Smartcard Security Issues [^212] -ExploitExample: Implementing Practical Electrical Glitching Attacks +ExploitExample: Implementing Practical Electrical Glitching Attacks[^309] CVEExample:CVE-2020-35553
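Review bot: In PATCH 1/4 (`_includes/references.md`, hunk at `@@ -199,7`), the line that changes is `[^105]`, the Felt and Wagner paper "Phishing on Mobile Devices", but the new URL `https://www.slideserve.com/debbie/one-root-to-own-them-all` is for the Forristal talk cited in `[^202]`, and the subject line says "Update 202 link". The first hunk of PATCH 2/4 restores the original `[^105]` line, so squash the two commits before merging; otherwise the history carries a revision in which the citation's link and access date belong to a different reference.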
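Review bot: In PATCH 2/4 (hunk at `@@ -385,7`), the `[^202]` entry replaces the first-party `media.blackhat.com` PDF with a copy on a third-party slide-hosting site, under what appears to be an uploader's path (`slideserve.com/debbie/...`). Neither the cited author nor the conference controls that copy, and it can be altered or removed. Prefer an archived snapshot of the original Black Hat URL, or keep the original URL in the entry next to the mirror, so a reader can confirm the slides are the ones that were presented.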
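Review bot: In PATCH 3/4 (`_stack-threats/STA-37.md`, hunk at `@@ -5,9 +5,15`), the added front-matter lines are not valid key/value YAML. `CVEExample:CVE-2020-35553` has no space after the colon, so it is read as one plain scalar rather than a key with a value, and `PossibleCountermeasures: {` now opens a flow mapping that is filled with free text (including commas in "voltage, frequency and temperature"), where the previous value was an empty `{}`. Write `CVEExample: CVE-2020-35553` and express the countermeasures as a real mapping, for example a `Mobile App Developer` key whose value is a list of the three items. Two content points on the same lines: voltage, frequency and temperature sensors are a hardware design measure, so listing them under "Mobile App Developer" assigns them to a role that cannot deploy them, and the CVE is given without a reference, so please confirm it concerns a voltage glitching fault and add a citation for it.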
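Review bot: In PATCH 4/4 (`_stack-threats/STA-37.md`, hunk at `@@ -5,7`), the new `[^309]` footnote on the `ExploitExample` line has no matching definition added anywhere in this series; the only changes to `_includes/references.md` are to `[^105]` and `[^202]`. Confirm that `[^309]` already exists in the references include and points to "Implementing Practical Electrical Glitching Attacks", or add the entry in this commit. For consistency with the `ThreatOrigin` line (`... Issues [^212]`), put a space before the marker: `Attacks [^309]`.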