Connect with us
DAPA Banner
DAPA Coin
DAPA
COIN PAYMENT ASSET
PRIVACY · BLOCKDAG · HOMOMORPHIC ENCRYPTION · RUST
ElGamal Encrypted MINE DAPA
🚫 GENESIS SOLD OUT
DAPAPAY COMING

Tech

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

Published

on

Microsoft 365

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts.

Despite an international law enforcement operation disrupting the Tycoon2FA phishing platform in March, the malicious operation was rebuilt on new infrastructure and quickly returned to regular activity levels.

Earlier this month, Abnormal Security confirmed that Tycoon2FA had rebounded to normal operations and even added new obfuscation layers to strengthen its resilience against new disruption attempts.

In late April, Tycoon2FA was observed in a campaign that leveraged the OAuth 2.0 device authorization grant flows to compromise Microsoft 365 accounts, indicating that the operator continues to develop the kit.

Advertisement

Device code phishing is a type of attack in which threat actors send a device authorization request to the target service’s provider and forward the generated code to the victim, tricking them into entering it on the service’s legitimate login page.

Doing so authorizes the attacker to register a rogue device with the victim’s Microsoft 365 account, giving them unrestricted access to the victim’s data and services, including email, calendar, and cloud file storage.

Push Security recently warned that this type of attack has increased by 37x this year, supported by at least ten distinct phishing-as-a-service (PhaaS) platforms and private kits. A more recent report by Proofpoint records a similar surge in the use of the tactic.

Tycoon2FA adds device-code phishing

According to new research from managed detection and response company eSentire, Tycoon2FA confirms that device code phishing has become highly popular among cybercriminals.

Advertisement

“The attack begins when a victim clicks a Trustifi click-tracking URL in a lure email and culminates in the victim unknowingly granting OAuth tokens to an attacker-controlled device through Microsoft’s legitimate device-login flow at microsoft.com/devicelogin,” explains eSentire.

“Connecting those two endpoints is a four-layer in-browser delivery chain whose Tycoon 2FA tradecraft is virtually unchanged from the credential-relay variant TRU documented in April 2025 and the post-takedown variant documented in April 2026.”

Trustifi is a legitimate email security platform that provides a range of tools integrated into various email services, including those from Microsoft and Google. However, eSentire does not know how the attackers came to use Trustifi.

According to the researchers, the attack uses an invoice-themed phishing email containing a Trustifi tracking URL that redirects through Trustifi, Cloudflare Workers, and several obfuscated JavaScript layers, landing the victim on a fake Microsoft CAPTCHA page.

Advertisement

The phishing page retrieves a Microsoft OAuth device code from the attacker’s backend and instructs the victim to copy and paste it to ‘microsoft.com/devicelogin,’ after which the victim completes multi-factor authentication (MFA) on their end.

After this step, Microsoft issues OAuth access and refresh tokens to the attacker-controlled device.

Attack flow
Tycoon2FA attack flow
Source: eSentire

The Tycoon2FA phishing kit includes extensive protection against researchers and automated scanning, detecting Selenium, Puppeteer, Playwright, Burp Suite, blocking security vendors, VPNs, sandboxes, AI crawlers, and cloud providers, and using debugger timing traps.

Requests from devices indicating an analysis environment are automatically redirected to a legitimate Microsoft page, eSentire says.

The researchers have found that the kit’s blocklist currently contains 230 vendor names and is constantly updated.

Advertisement

eSentire recommends disabling the OAuth device code flow when not needed, restricting OAuth consent permissions, requiring admin approval for third-party apps, enabling Continuous Access Evaluation (CAE), and enforcing compliant device access policies.

Additionally, the researchers recommend monitoring Entra logs for deviceCode authentication, Microsoft Authentication Broker usage, and Node.js user agents.

eSentire has published a set of indicators of compromise (IoCs) for the latest Tycoon2FA attacks to help defenders protect their environments.


article image

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.

This guide covers the 6 surfaces you actually need to validate.

Advertisement

Download Now

Source link

Continue Reading
Click to comment

You must be logged in to post a comment Login

Leave a Reply

Tech

If you use Samsung Messages, you need to read this

Published

on

Samsung’s long-running Messages app is officially reaching the end of the road.

After years of gradually shifting users towards Google’s messaging platform, Samsung will stop supporting Samsung Messages on July 6. This marks the final step in its transition to Google Messages.

The move isn’t exactly a surprise. Earlier this year, Samsung confirmed it planned to retire its in-house messaging app. However, the shutdown date has now been confirmed through an in-app notice spotted by users.

Once support ends, Samsung Messages will stop working on Galaxy devices running Android 12 or later. If you’re using a newer Galaxy phone running Android 14 or newer, the switch will be even more seamless. In this case, Samsung will automatically replace the Samsung Messages app icon on your home screen with Google Messages.

Advertisement

The change has been a long time coming. Google Messages became the default texting app on Galaxy phones back in 2022. Before 2024, Samsung stopped pre-installing its own messaging app on new Galaxy devices sold in the US. The company also encouraged existing users to move across to Google’s app throughout last year.

Advertisement

There was a brief period where Samsung Messages appeared to have a future after the company added RCS support and introduced a handful of new features in 2025. Those updates suggested Samsung might continue developing its own messaging platform alongside Google Messages. However, the company ultimately decided to consolidate around Google’s app instead.

For Samsung, the decision makes sense. Google Messages has become the centrepiece of Android’s messaging strategy, with widespread RCS support and end-to-end encryption for supported conversations. In addition, it offers spam protection and tighter integration with Android features. Therefore, maintaining two separate messaging platforms was increasingly difficult to justify.

Advertisement

That said, not everyone is happy to see Samsung Messages disappear. Many Galaxy owners preferred Samsung’s cleaner interface and customisation options. In particular, users liked its support for Samsung themes. Those features helped Samsung Messages retain a loyal following, even after Google Messages became the default.

If you’re still using Samsung Messages on a modern Galaxy device, you’ll need to make the switch before July 6. Older Galaxy phones running versions of Android earlier than Android 12 can continue using the app. However, for most users, Google Messages is about to become the only option.

Source link

Advertisement
Continue Reading

Tech

OWC 11 Port Thunderbolt 5 Dock 4th of July Sale $229.99

Published

on

Exclusive 4th of July deals are in effect at OWC, dropping prices for enclosures, docks, and Thunderbolt 5 cables to as low as $19.99.

The sale includes a variety of accessories for your Mac or iPad, with OWC’s 11-Port Thunderbolt 5 Dock especially enticing at $229.99 after a $69 discount.

You can also pick up a Thunderbolt 5 cable for $19.99 and a ThunderBay 4 Enclosure for $309.99. The four-bay Thunderbolt (40Gb/s) external storage enclosure for 2.5-inch and 3.5-inch SATA drives is a great way to expand your storage, especially if you’re a content creator needing an abundance of space.

Get exclusive savings at OWC

Advertisement

To activate the deals, you must shop through this special pricing link and look for the discount in your shopping cart. The discount will not appear on the landing page.

Exclusive OWC Thunderbolt dock deals

Exclusive OWC enclosure sale

Exclusive OWC Thunderbolt cable discounts

The exclusive offers are valid for a limited time only and inventory may be limited on the accessories.

Source link

Advertisement
Continue Reading

Tech

What Is SC’s ‘Palmetto Stop’ Cycling Law, And Do Other States Have One?

Published

on





For many Americans, learning how to ride a bike is a rite of passage. You may have fond memories of a parent running behind you as you took off without training wheels for the first time, or biking to your best friend’s house on hot summer days. PeopleForBikes reported that in 2024, more than 110 million Americans rode a bike at least once. The COVID-19 pandemic sparked enthusiasm for bike riding, and the so-called bicycle boom has seen more Americans hop on a bike than at any point in the last 25 years.

No matter where you’re cycling, safety should always be a top concern. In 2024, more than 1,100 bicyclists were killed in traffic accidents. To stay safe, the National Highway Traffic Safety Administration recommends that cyclists obey street signs just as if you were driving a car. But in some states, including South Carolina, a stop sign doesn’t always mean stop, at least if you’re on a bike.

The Palmetto State recently signed the Stop As Yield bill, S.812, into law. Nicknamed the Palmetto Stop, this new law allows people riding bikes in the state to treat stop signs as yield signs and proceed with caution when it is safe to do so. The law also allows cyclists to pass through a red light, but only after coming to a full stop first — and only if it is safe. South Carolina is the first state on the East Coast to enact such a law, but it’s following in the footsteps of several other states.

Advertisement

South Carolina joins other states to help protect bicyclists

If you live in South Carolina and are concerned that the new law means it will be a free-for-all with cyclists on the road, fear not. Cyclists must still yield to vehicles that have the right of way and cannot simply ride through a protected intersection without slowing or stopping. Because the majority of crashes involving bicyclists happen at intersections, this law is intended to provide a more predictable pattern that also reduces the time spent waiting at intersections for both drivers and cyclists when bikers are involved. It also mirrors how most cyclists naturally ride.

These types of laws are not new ideas. Idaho was the first state to pass a law that allowed bicyclists to treat stop signs as yield signs way back in 1982. The law led to a more than 14% reduction in bicyclist injuries from traffic accidents. While state laws vary, at least 13 other states have similar laws, including Delaware, Utah, and Oklahoma.

Advertisement

Following your state’s laws and wearing a helmet aren’t the only steps you can take to help protect yourself when you’re enjoying a bike ride. Make sure you’re riding a bike that’s the correct size for your height and is in good working order. In addition to a helmet, wear bright, visible colors and reflective gear. Consider adding a light or a horn if you’re riding in the dark. Plan your route carefully, be sure someone knows where you’re going, and try to avoid traffic when possible.



Advertisement

Source link

Continue Reading

Tech

Lifelong learning must change for AI to realise long-term potential

Published

on

According to the research, as structural issues begin to limit growth, business leaders are urging policymakers to align strategies and revamp workforce development.

Ibec, the group representing Irish businesses, has issued a new report exploring the correlation between workplace AI and consistent learning strategies. 

The ‘Skills for all, skills for life’ report warned that unless there is a deliberate shift in the national approach to lifelong learning, Ireland will fail to capitalise on the long-term economic potential of AI. As it stands, Ibec found that 64pc of roles are going to require significant reskilling. 

The report, which was supported by professional services firm Accenture, suggested that by failing to proactively and adequately reskill the workforce in support of a transitioning workplace environment, a massive portion of the country’s competitive advantage could be put at risk, hindering Ireland’s ability to benefit from the “multibillion-euro opportunity being created by AI”.

Advertisement

AI is redefining occupational tasks, impacting roughly 82pc of working hours in Ireland according to Ibec. As a result, the workforce has to respond and adapt quickly, prioritising strategic investment, as “ leaders cannot afford to defer spending for a future crisis”, when the disruption to the workforce is “happening right now”.

Potential avenues for improvement are, according to the report, a commitment to treating the closure of emerging structural restraints as a shared responsibility among the Government, educational systems and employers; securing a strong graduate pipeline; and building an “AI-native” workforce. 

Commenting on the report, Kara McGann, the head of skills and social policy at Ibec, said: “We are just at the precipice of the change happening as a result of AI. As a country, we cannot be passive or hold back our intent or resources in supporting the transition required to meet the opportunities and challenges that will come with it. 

“We have a multibillion-euro training fund sitting on the sidelines, acting like it’s a rainy-day fund, when given the level of disruption that we’re seeing, we’re actually in the middle of a monsoon, facing the most profound and unprecedented technological shifts since the industrial revolution and simultaneously a global talent competition.”

Advertisement

She added: “While Ireland may not necessarily be a global hub for AI development, we can equip our workforce to be globally renowned as ‘AI natives’, which will provide a real competitive advantage for us. To achieve this, we need to considerably alter our approach to lifelong learning and its participation rates.” 

She suggested enacting a change that shifts the national mindset toward continuous learning, resolving the funding cycles of the National Training Fund and establishing an integrated AI reskilling plan, to ensure that Ireland becomes a net beneficiary of new opportunities.

Audrey O’Mahony, managing director and talent reinvention lead at Accenture, added: “Artificial intelligence is fundamentally reshaping how work gets done, not just how quickly tasks can be completed. As roles evolve, the real challenge is whether organisations are investing at the same pace in people as they are in technology.

“Building the skills that create value in an AI-driven economy requires more than access to tools, it demands a deliberate focus on capability, confidence and the redesign of work itself. Reskilling must be treated as a core business transformation priority, embedded into how organisations operate and how work is continuously reinvented.”

Advertisement

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Source link

Advertisement
Continue Reading

Tech

JadePuffer ransomware used AI agent to automate entire attack

Published

on

JadePuffer ransomware used AI agent to automate entire attack

Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent.

According to cloud security company Sysdig, JadePuffer used an autonomous AI agent for reconnaissance on the target, to steal credentials, move laterally, establish persistence, escalate privileges, and to encrypt data.

The researchers say that the AI agent adapted to failures during the intrusion, much like a human operator would handle obstacles.

image

“The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds,” Sysdig says.

From initial access to encryption

JadePuffer gained initial access to the target by exploiting CVE-2025-3248, an unauthenticated remote code execution vulnerability in Langflow, a popular open-source framework used for building LLM apps.

Advertisement

The vendor fixed the flaw on April 1, 2025, and in early May of the same year, CISA tagged it as exploited in attacks targeting internet-exposed endpoints, usually deployed with minimal hardening but containing cloud credentials and API keys.

After obtaining code execution through CVE-2025-3248, the AI agent dumped Langflow’s PostgreSQL database, collected host information, searched for environment variables and sensitive files, retrieved credentials, and enumerated a MinIO object store.

Sysdig highlights the adaptive approach to MinIO enumeration, where if one API request returned XML instead of JSON, the next payload adjusted its parsing logic accordingly.

JadePuffer also established persistence on the Langflow host by installing a cron job on the server, which was configured to beacon to the attacker’s infrastructure every 30 minutes.

Advertisement

From the Langflow instance, the attacker pivoted to a production MySQL server running Alibaba Nacos (Naming and Configuration Service), using root credentials whose origin Sysdig couldn’t determine.

Nacos was targeted with multiple payloads, including one exploiting CVE-2021-29441, an authentication bypass vulnerability that creates rogue administrator accounts.

The agent probed for container escape methods and deployed the ransomware payload. According to the researchers, JadePuffer encrypted 1,342 Nacos service configuration items before deleting the originals.

“The captured payloads show the agent encrypting all 1,342 Nacos service configuration items using MySQL’s AES_ENCRYPT(), dropping the original config_info and history tables, and creating an extortion table (README_RANSOM) containing the demand, a Bitcoin payment address, and a Proton Mail contact,” describes Sysdig.

Advertisement
The encryption function
The encryption function
Source: Sysdig

The ransom note claims that the data was encrypted using the AES-256 algorithm, although the researchers believe this to be an overstatement, and that the use of the weaker AES-128-ECB is more likely.

Sysdig mentions that the encryption key is randomly generated but not stored or transmitted to the attacker.

The Bitcoin address listed in the ransom note is an example address widely used in public documentation, possibly the result of the LLM reproducing it from the training data.

Other signs that AI was controlling the attack include detailed natural-language comments in the generated code describing operational reasoning and rapid attack iteration that considers the specific errors encountered, rather than being simple retries.

Rapid iteration steps
Rapid iteration steps
Source: Sysdig

Sysdig concludes that the case of JadePuffer demonstrates that the age of “agentic threat actors” (ATAs) has arrived, lowering the skill required for conducting damaging cyberattacks.

At the same time, given how AI agents operate today, LLM-generated payloads create new detection opportunities for security solutions.

Advertisement

article image

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Source link

Continue Reading

Tech

Crooks stole our passwords, patient health data

Published

on

Security

Third-party contractor compromise exposed health information and insurance billing passwords

AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

Advertisement

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

AdaptHealth activated its incident response protocols soon after the attacker contacted the company on June 15 and disclosed the theft.

It did not specify whether an extortion demand was made, nor whether one was paid, and no cybercrime group had claimed responsibility at the time of writing.

The company’s response included disabling the contractor’s user account, resetting credentials, and implementing additional access controls. It believes the attack is now contained.

Advertisement

In addition to the “password file associated with insurance billing,” AdaptHealth confirmed that personally identifiable information (PII) and protected health information of certain patients were also stolen.

Social Security numbers and payment details are not thought to be affected.

On June 27, AdaptHealth determined that “due to the nature and potential volume of the data that is at risk,” the attack can be considered material, requiring disclosure to the SEC.

The company did not comment on the exact scale of the attack or the related data theft, but said investigations continue to determine the scope of the breach.

Advertisement

It also said it “has since taken steps intended to mitigate the risk of dissemination of the exfiltrated data.”

The Register asked AdaptHealth for more information, including whether it received any extortion demands and what steps it took to reduce the risk of the stolen data being distributed or misused.

Pennsylvania-based AdaptHealth provides home medical equipment and related services for patients with chronic and serious conditions.

Founded in 2012, it specializes in respiratory, sleep, and diabetes therapies. According to a 2024 annual report, it serves more than 4.2 million patients across all 50 US states. ®

Advertisement

Source link

Continue Reading

Tech

EchoStar’s US Satellite Pay-TV Provider Dish DBS Files for Bankruptcy

Published

on

EchoStar’s satellite pay-TV unit Dish DBS has filed for Chapter 11 bankruptcy
protection, reports Reuters. The move also applies to its wireless subsidiaries, according to the article, and “facilitates the wind-down of Dish Wireless’s 5G network operations following an unexpected delay in a spectrum license sale to AT&T… under which EchoStar agreed to sell about 50 megahertz of its nationwide spectrum for $23 billion.”

Some context from Deadline.com:

Charlie Ergen, who co-founded EchoStar and Dish, recently returned as chairman and CEO to steer the company through its recent challenges…
Even prior to the merger, Ergen had been working to pivot from the pay-TV business, where Dish now has just 5 million subscribers and streaming sibling Sling TV has another 2 million, toward wireless telecom. With wireless spectrum hitting the market due to the Sprint-T-Mobile merger and then Elon Musk’s Starlink looking to ramp up in the sector, it seemed more attractive than the cord-cutting-ravaged pay-TV business. But it is still entails plenty of risk, especially given how tightly regulated the spectrum is due to security concerns.



Thanks to long-time Slashdot reader schwit1 for sharing the news.

Advertisement

Source link

Continue Reading

Tech

You can still pay Plex $249.99, but not for a lifetime pass

Published

on

Shortly after increasing the lifetime version of the Plex Plan to $749.99, Plex has now introduced a new five-year option. One charging $249.99 for streaming media from your Mac to your iPhone.

On July 1, Plex significantly increased the cost of its Lifetime Plex Plan from $249.99 to a staggering $749.99. While consumers will have missed the boat to get the old pricing, they can still spend $249.99 on something that’s not quite as everlasting.

Subscribers can sign up for a new five-year Plex Pass. The new option, offered alongside the monthly $6.99 and annual $69.99 subscriptions, gives users a lengthy period of usage without paying a regular subscription.

The price, $249.99, will be familiar to users, since it’s the same as the Lifetime Plex Plan pre-price rise.

Advertisement

Good, but not quite great

It does still work out to be a decent deal for Plex users as they’d pay the equivalent of three and a half years of the annual plan for five years of usage. Or just under three years worth of the monthly plan price.

This is a bit of a cost saving for consumers. But it’s not as good as the old Lifetime offer, which did the same thing but without an end date.

The new plan certainly does help soften the blow of the Lifetime price rise to $749.99. But there are still some elements to remember.

The key one is what happens after the five-year period ends. Users will then have to either sign up for a new five-year or equivalent plan, or consider switching to a monthly one instead.

Advertisement

However, they won’t get any grandfathered pricing. Due to the inevitability of price increases over time, you can count on the subscriptions going up in price within those five years.

Consider your streaming choices

In justifying the price rise, Plex admitted that it had previously considered removing the Lifetime Plex Pass altogether. While recurring subscriptions sustain long-term development, the lifetime pass does not, and becomes less useful to Plex as time goes on.

The new pricing of that plan “reflects the real, ongoing value of the software we’re committed to building and maintaining for years to come.”

The severely high price of the Lifetime pass certainly does make buying one of the lower-tier options more attractive to users. Especially the new five-year option.

Advertisement

However, this also serves as an opportunity for users to consider whether to stick with Plex at all.

Other options exist, such as Jellyfin, which is free to use. It offers the same core streaming functionality as Plex, but it requires a little more work to get it up and running.

Source link

Advertisement
Continue Reading

Tech

Confidential computing’s core trust mechanism is broken. The fix may not exist

Published

on

Vendors are trying to position “confidential computing” as the technical backbone of Europe’s sovereign cloud ambitions. But new research shows that a security protocol used to prove cryptographic trust in the system may have a fundamental architectural flaw.

Confidential computing rests on a mechanism called remote attestation, in which a server cryptographically proves to a client that it is running inside a genuine, unmodified Trusted Execution Environment (TEE) before any sensitive data changes hands. Intel’s product pages promise TDX will “add safeguards to data sovereignty and governance.” Google Cloud describes its confidential computing infrastructure as offering “full, auditable control over access to customer data.”

In May, The Register reported that the chip beneath the chip, the management engines running below the operating system on Intel and AMD silicon, falls outside what European sovereignty frameworks like SecNumCloud actually assess. That left an open question about the layer above the silicon: the protocol meant to prove the chip itself can be trusted.

New, independently verified research answers it, and the answer is not reassuring.

Advertisement

A protocol that promises more than it proves 

Muhammad Usama Sardar, a researcher at TU Dresden, has spent the past two years formally verifying whether that protocol, known as attested TLS, actually does what it claims. Using ProVerif, a tool for the symbolic security analysis of protocols, he and his co-authors discovered that it largely does not. 

Their recent paper, Identity Crisis in Confidential Computing, published with co-authors Mariam Moustafa and Tuomas Aura and presented at the AsiaCCS 2026 conference, found diversion attacks against two state-of-the-art attested TLS protocols. A connection intended for one server can be silently redirected to a different, compromised machine running identical software, anywhere in the world, without the client ever knowing. The intended server has done nothing wrong. The attacker simply exploits the fact that the protocol checks the software’s integrity, not its location.

The most recent paper, Intra-handshake.fail, published with co-authors Viacheslav Dubeyko and Jean-Marie Jacquet and accepted for ESORICS 2026, goes further. It examines what the industry calls intra-handshake attestation, where evidence is generated during the TLS handshake itself, and tests seven different ways of cryptographically binding that evidence to the underlying connection. None of them prevent relay attacks, in which a client verifies the evidence of a genuine, trustworthy AI agent or server but ends up encrypting its traffic to an entirely different, malicious one. The starting assumption in all of this is that the hardware itself can be trusted. 

“In confidential computing, you have to trust the hardware manufacturer anyway,” Sardar told The Register. “There is absolutely no way around this.” With that root of trust accepted, he argues, the protocol layer was supposed to provide everything else. His research shows it provides far less than assumed.

Advertisement

Three levels of trust

The researchers formalise the problem as three increasingly strict levels of cryptographic binding between the attestation evidence and the actual TLS connection it is meant to vouch for.

The weakest, level one, ties evidence only to the very first key exchange in the handshake, the Diffie-Hellman step, where client and server agree on a shared secret before either side has proven who they are. Level two ties it to the client’s handshake traffic key, covering everything up to the server’s identity confirmation. Level three, the strongest and the one that matters most in practice, ties evidence to the application traffic key itself, the key actually used to encrypt the sensitive data a client sends once the connection is live.

Sardar’s extensive analysis in ProVerif focused on intra-handshake attestation; post-handshake attestation fell outside its scope. Three of the seven binding mechanisms examined achieve level one. The rest fail even that baseline.

His team’s own proposed mitigation, a cryptographic binder built from the TLS handshake secret combined with the server’s public key, formally achieves level two. Level three, the paper concludes, “may not be possible” within intra-handshake attestation as currently architected, without breaking properties of TLS 1.3 that the protocol was never designed to give up.

Advertisement

In plain terms: the best fix available today proves a client is talking to the right machine at the start of a handshake. It cannot prove that the data sent minutes later is still going to that same machine.

Production systems, not laboratory proofs of concept

The vulnerability is not confined to academic models. Sardar’s team formally analysed four real-world implementations of intra-handshake attestation: Meta’s Private Processing system for WhatsApp, Edgeless Systems’ Contrast, the open-source Cocos AI platform, and a proof-of-concept maintained by the Confidential Computing Consortium’s (CCC) Attestation Special Interest Group. The first three of the four are running in production today. The attacks apply to every version of Cocos AI between 0.4.0 and 0.8.2. The class of flaw itself is not new. Sardar’s team notes the attacks are subtle enough to have gone undiscovered for years before formal analysis caught them. 

The responsible disclosure resulted in CVE-2026-33697, rated 7.5 on the Common Vulnerability Scoring System, high severity. For comparison, the researchers note in their paper that BadRAM, the 2024 memory aliasing attack against AMD’s SEV-SNP that made headlines in its own right, scored 5.3. The CCC Attestation SIG’s repository lists CVE-2026-33697 as the highest-scoring vulnerability among a cluster of recent confidential computing flaws, ahead of Fabricked (5.9), BreakFAST (5.9) and Staleus (4.0).

The working group and the IETF’s TLS working group have both formally acknowledged the relay attacks. “As implemented today, attested TLS is not mature yet,” Sardar told The Register. “We are investigating further, and we are confident there are more issues yet to be discovered.” 

Advertisement

What makes the finding more pointed is who missed it first. Meta commissioned an extensive security review of its WhatsApp implementation from Trail of Bits, a well-regarded security firm, before Sardar’s team examined it. That review did not detect the relay attack.

It is methodology, not incompetence, that explains the gap. The ESORICS paper records that Sardar’s team contacted Trail of Bits directly, who confirmed no formal methods were used in their review process. Formal verification tools like ProVerif check a protocol exhaustively against every scenario a defined threat model allows. A manual audit, however thorough, samples. A subtle flaw in how evidence is bound to a connection can slip past a sampled review and still be provably broken under exhaustive formal analysis.

The Attestation Special Interest Group of the CCC, which governs the adopted proof-of-concept project Sardar tested, found its own system vulnerable to the same relay attacks. 

A repository nobody would create

The vulnerability itself had already been through a lengthy, orderly disclosure process. Sardar’s team flagged it to Cocos AI in October 2025, the vendor acknowledged it two months later, and the CVE was published in March 2026.

Advertisement

What happened next was different. 

On 14 June, Sardar wrote to the chairs of the CCC’s Attestation Special Interest Group requesting a new public GitHub repository, named relay-attacks-in-intra-handshake, so his formal analysis artefacts for the relay attacks could be released under an Apache 2.0 licence, for use by researchers and the standardization community. He referenced an existing, adopted project under the same group’s governance, the kind of administrative step that, on paper, should take minutes.

Three days later, on 17 June, he sent a reminder. The following day, a second, noting the artefact link was needed for the paper’s final version. On 24 June, ten days after the original request, he wrote again, this time without the diplomatic padding: “I do not see a good reason for such a delay, since the requested repo is part of an adopted project and creation of a new repo is not such a time-consuming task.” The new repository still did not exist.

The CCC’s Attestation Special Interest Group is made up of representatives from the hardware and cloud vendors whose products the research concerns. That fact requires no embellishment. A working group populated by the companies whose attestation implementations were just shown to be vulnerable to relay attacks did not act, for over a week and across three written reminders, on a request to publish proof of that vulnerability.

Advertisement

Since no repository had been created before the paper’s final version went to the publisher, Sardar published the artefacts anyway, but inside an existing CCC-affiliated repository rather than the dedicated one he had asked for. He told The Register the repository had originally been built for an unrelated project: “Since the monopoly [of vendor-dominated working groups over this infrastructure] continues, we have released the artifacts to inform the community and for researchers to analyse it independently.”

The CVE stands regardless, credited and public. The delay changes nothing about the underlying mathematics. 

BSI reaches the same verdict 

None of this requires taking Sardar’s interpretation on faith. A world away from the IETF mailing lists, Germany’s Federal Office for Information Security (BSI) arrived at a closely related conclusion through its own, entirely separate channel.

Carina Hilt, deputy press spokesperson at BSI, was asked directly about confidential computing’s role in digital sovereignty. She told The Register the technology functions as “a defense-in-depth component,” strengthening tenant isolation and protecting confidentiality and integrity, but not availability. Crucially, she added that “dependencies on other services, such as identity and key management etc., are also not mitigated by CC.”

Advertisement

That is, in other words, an institutional echo of exactly the gap Sardar’s protocol analysis exposes: confidential computing’s guarantees stop well short of guaranteeing who actually controls the keys and the identity infrastructure a deployment depends on.

Pressed further on vendor marketing claims, BSI did not soften its position. “The vendors’ positioning on CC might give too much weight to its technical capabilities,” the spokesperson told The Register. “CC alone cannot satisfy the requirements for digital sovereignty.” 

What the chipmakers say

Mikael Moreau, Intel’s France Communication Manager, was asked specifically about the attestation infrastructure underpinning its TDX confidential computing technology, and whether Intel’s own role in that infrastructure constitutes a dependency. He said the company does “not consider its attestation infrastructure to be a limitation to sovereignty guarantees,” arguing that any reliance on Intel’s silicon and certificate root of trust is “bounded.” Intel is not in the customer’s workload data path, does not receive customer plaintext through attestation, and the operational trust decision can be delegated to an independent verifier or retained by the customer. 

That is a carefully constructed, technically defensible answer. It explains the architecture, not the law. Intel was asked whether its attestation infrastructure poses a sovereignty risk under RISAA, the 2024 US law that can compel hardware manufacturers to cooperate with secret intelligence orders. That question went unanswered. 

Advertisement

Google did not respond to a request for comment for this article.

Acknowledged everywhere except the sales pitch

Sardar’s findings prompted four different institutional responses.

The IETF’s Secure Evidence and Attestation Transport (SEAT) working group, formed after a group including Sardar successfully argued for it at a Birds of a Feather session at IETF 123 in Madrid in July 2025, wrote his correlation properties directly into its charter as an explicit, mandatory requirement for any new specification work. That is a standards body doing exactly what it should, building formal verification into the process rather than bolting it on afterwards.

The IETF’s TLS working group formally acknowledged the same attacks, without adopting a binding requirement of its own. The CCC’s inaction over ten days meant Sardar published the evidence himself, without the working group’s help. 

Advertisement

None of that reached the sales conversation. Intel and Google continue to market confidential computing as proof of sovereign, verified protection. Asked directly about the infrastructure underpinning that claim, Intel’s answer stopped short of the legal question at its centre. Google did not answer at all.

For European CIOs and procurement officers, this raises a question beyond the one usually asked. It is no longer only which company owns the cloud or which government can compel which hardware manufacturer. It is whether the cryptographic handshake meant to prove a workload is running where it claims to be running can be trusted at all. 

The level that timing rules out 

Sardar’s own mitigation reaches level two. Level three, the one that actually matters to a customer trying to verify their workload is still protected once data starts flowing, may not be achievable at all within the current architecture of intra-handshake attestation, where evidence is generated during the handshake itself. The timing is the problem. Level three requires binding the evidence to the key that encrypts the actual application data, but by the time that key exists, the evidence has already been sent, unless the TLS protocol itself is significantly changed. Post-handshake attestation waits until after that point, when the key is already there to bind against. 

“We believe post-handshake attestation alone can achieve level three binding,” Sardar told The Register, warning that newer proposals combining both approaches add unnecessary complexity without adding security. His recommendation to the IETF’s TLS working group is blunt: developers should abandon intra-handshake attestation altogether. ®

Advertisement

Source link

Continue Reading

Tech

Android desktop mode made me miss my laptop in record time

Published

on

Android 17 desktop mode has a very simple pitch. Plug your phone into a monitor, add a keyboard and mouse, and watch the slab in your pocket pretend to be a computer. I wanted to give that pitch a fair shot, so I tried using it for an actual workday instead of a cute demo.

The goal was boring on purpose: write an article, edit it, build the page in WordPress, upload whatever needed uploading, and publish the thing without running back to my laptop like a coward.

For a little while, the illusion held together. That’s where the trouble starts.

When almost starts to look convincing

The first hour wasn’t a disaster, which somehow made the whole thing more suspicious. With a monitor, keyboard, mouse, and USB-C hub attached, Android desktop mode looked close enough to the real thing. I had browser tabs open. I could type in a document. I could jump into messaging apps.

Advertisement

For a few minutes, I could even accept the clean little fantasy people have been promising since phones became more powerful than the laptops many of us used in college.

The catch is that desktop mode only feels convenient after you’ve rebuilt half a desk around it. My phone needed a hub so the monitor, charger, keyboard, mouse, and HDMI connection could all behave like members of the same household. Bluetooth can cut down the cable mess, but then you’re juggling pairing, batteries, and the quiet uncertainty of whether everything will reconnect before your patience files a complaint.

When portable stops meaning portable

The portability argument is where things started falling apart. In theory, I could use a hotel TV as a monitor and turn my phone into a tiny newsroom. In practice, that means carrying a small nest of accessories and pretending that still counts as traveling light. Desktop mode solves the problem of not having a laptop by asking me to recreate everything around a laptop except the laptop.

At that point, the obvious question becomes hard to dodge. Why didn’t I just bring the machine with the screen, keyboard, trackpad, ports, battery management, and operating system already built around this exact job?

The annoying answer is that Android desktop mode can still get the job done. I was able to write. I was able to build the page in WordPress. I was able to move through the web tools that make up too much of modern work now. That’s partly because everything is browser-based anyway, so the phone mostly needs to render a pile of web services without giving up.

Advertisement

That sounds like a win until you actually sit with it. WordPress loaded, but page building came with a patience tax. Moving between tabs, managing images, waiting for menus, and treating the browser as my main workspace made every small task feel slightly more deliberate than it should.

The setup didn’t collapse. It just kept reminding me that I was using a workaround with a monitor attached.

When the dream beats the desk

That’s probably the most confusing part of Android desktop mode. It’s capable enough to make the dream feel reasonable, then rough enough to make the current version feel faintly absurd. Phones are already powerful. They’re already everywhere.

The sci-fi version of this is easy to imagine: drop the phone onto a little dock like a wireless charger, watch a full desktop environment wake up, then pretend the holograms aren’t deeply unnecessary but emotionally important.

That future still sounds great to me. I’d love a world where the phone becomes the computer, not a compromised laptop impersonator surrounded by dongles. Android desktop mode feels like a step toward that, but a step isn’t the destination, no matter how many cables are involved.

So yes, I wrote and built an article from my phone. I could even do it again, which may be the most annoying admission here. The harder question is why I would, unless something had already gone wrong.

Advertisement

If the most honest use case is still some version of “I guess, in an emergency,” who is Android desktop mode actually for?

Source link

Advertisement
Continue Reading

Trending

Copyright © 2025