Like the earlier Meltdown and Spectre class of bugs, the new side-channel attacks ZombieLoad, RIDL, and Fallout take advantage of weaknesses in the processor's speculative execution feature to harvest secrets from system memory.
Researchers from NCC Group developed an attack that can pull private keys from the hardware-backed keystore in some Qualcomm chips.
Supply chain attacks are scary, but there are plenty of other hardware-based issues organizations should be worrying about before they have to panic about the complex malicious implants in their servers.
Hardware security researcher Joe FitzPatrick explains how non-experts should assess claims of hardware implants and backdoors.
Dennis Fisher speaks with hardware security researcher Joe FitzPatrick about finding and verifying hardware implants.