Index: Introduction; PhysicsFiction; state_monitor; state_physics; state_physics #2 — A key part; state_physics #3 — The attack; What about the target?; Conclusions

Introduction

This past Friday, Juan Andres Guerrero-Saade and Vitaly Kamluk published an extraordinary piece of research that uncovered a sophisticated, 20-year-old piece of malware, plausibly attributed to state actors. What is outstanding about this implant is, as the authors mention, that "fast16.sys selectively targets high-precision calculation software, patching code in memory to tamper with results." That's insane… and very real. I'll try to contribute to the public understanding of Fast16 by digging into the function that targets the physics simulations. At this point, there is little left to add about Stuxnet, but it is important to use it as a temporal reference, because Fast16 was allegedly active years before the malware that changed everything. Around 2...

A Swiss E-Voting Mystery: USB Glitch or Sabotage?

Imagine that you're a member of an electoral board, and the cryptographic materials required to decrypt votes coming from an e-voting system are stored on a USB key that happens to fail. But wait... because another USB key fails, and then another one... That's precisely what happened in the Swiss canton of Basel, now under a criminal investigation for possible electoral fraud. A glitch, or something else? Let's try to untangle an interesting incident involving cryptography, politics, e-voting, and USB keys.

Index: Swiss Post E-Voting System; The Basel Incident; USB keys: a prominent attack vector.; What did these 3 USB keys contain?; A plausible scenario; Once-in-a-lifetime Glitch or Sabotage?; Conclusions

Summary

The reason I'm writing about this incident is that in recent years I've spent a significant amount of time studying and trying to break the Swiss Post e-voting system, which was u...