Pre-Characterization of Electromagnetic Side-Channel Leakage Using Publicly Available Information: A Case Study on E-Voting Interfaces

In this work, we study the interface of the Brazilian e-Voting Machine BVM in the context of electromagnetic side-channel threats commonly referred to as TEMPEST attacks. In a TEMPEST attack against video displays, an eavesdropper uses Software-Defined Radios SDRs to recover sensitive information...

TriSweep: A Four-Drone Swarm Framework for Electromagnetic Side-Channel Analysis

Electromagnetic EM side-channel analysis traditionally assumes a stationary, close-proximity probe - a threat model that underestimates aerial adversaries. TriSweep is a simulation framework that designs and evaluates a four-drone swarm architecture for autonomous standoff EM-SCA of embedded...

Capacitive Touchscreens at Risk: A Practical Side-Channel Attack on Smartphones Via Electromagnetic Emanations

Capacitive touchscreens in modern smartphones introduce severe side-channel vulnerabilities. However, existing attacks often require restrictive conditions or invasive measurements. This paper presents TESLA, a novel, contactless electromagnetic EM side-channel attack that exploits inherent EM...

ClawGuard: Out-Of-Band Detection of LLM Agent Workflow Hijacking Via EM Side Channel

Autonomous LLM agents face a critical security risk known as workflow hijacking, where attackers subtly alter tool and skill invocations. Existing defenses rely on host-internal telemetry such as audit logs, which can be forged if the host OS is compromised. To solve this, we introduce ClawGuard,...

Reflecthernet: Exfiltrating 100BASE-TX Ethernet Traffic Using a Retroreflector Hardware Trojan

Electromagnetic eavesdropping is a well-established attack vector for remotely monitoring a target activity, most notably displays, over considerable ranges. Other targets have been considered resistant to such attacks or do not exhibit sufficient electromagnetic leakage for practical exploitatio...

CVE-2025-62500

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-65119

Summary (verified): CVE-2025-65119 affects Canva Affinity. Talos reports an out-of-bounds read in the EMF processing of Canva Affinity’s EMF files, caused by the EMR_POLYGON record where a large Count leads to an out-of-bounds read when iterating aPoints. Affected version identified by Talos: Can...

CVE-2025-62403

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

CVE-2025-62403

CANVA AFFINITY CVE-2025-62403 is an EMF parsing vulnerability in the EMF file handling (EMR_EXTTEXTOUTA) that may trigger an out-of-bounds read. Talos reports that the fault is due to an offDx offset using intercharacter spacing past the recordSize, enabling an attacker to read arbitrary memory w...

Canva Affinity 安全漏洞

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to disclose sensitive information when using specially crafted EMF files...

Cross-Scale Persistence Analysis of EM Side-Channels for Reference-Free Detection of Always-On Hardware Trojans

Always-on hardware Trojans pose a serious challenge to integrated circuit trust, as they remain active during normal operation and are difficult to detect in post-deployment settings without trusted golden references. This paper presents a reference-free detection framework based on cross-scale...

How Vulnerable Are Computers to an 80-Year-Old Spy Technique? Congress Wants Answers

A pair of US lawmakers are calling for an investigation into how easily spies can steal information based on devices’ electromagnetic and acoustic leaks—a spying trick the NSA once codenamed TEMPEST...

Kraken: Higher-Order EM Side-Channel Attacks on DNNs in near and Far Field

The multi-million dollar investment required for modern machine learning ML has made large ML models a prime target for theft. In response, the field of model stealing has emerged. Attacks based on physical side-channel information have shown that DNN model extraction is feasible, even on CUDA...

Reference-Free EM Validation Flow for Detecting Triggered Hardware Trojans

Hardware Trojans HTs threaten the trust and reliability of integrated circuits ICs, particularly when triggered HTs remain dormant during standard testing and activate only under rare conditions. Existing electromagnetic EM side-channel-based detection techniques often rely on golden references o...

Reference-Free Spectral Analysis of EM Side-Channels for Always-On Hardware Trojan Detection

Always-on hardware Trojans HTs pose a critical risk to trusted microelectronics, yet most side-channel detection methods rely on unavailable golden references. We present a reference-free approach that combines time-frequency EM analysis with Gaussian Mixture Models GMMs. By applying Short-Time...

Breaking ECDSA with Electromagnetic Side-Channel Attacks: Challenges and Practicality on Modern Smartphones

Smartphones handle sensitive tasks such as messaging and payment and may soon support critical electronic identification through initiatives such as the European Digital Identity EUDI wallet, currently under development. Yet the susceptibility of modern smartphones to physical side-channel analys...

Keyless Entry: Breaking and Entering EMMC RPMB with EMFI

The Replay Protected Memory Block RPMB in modern storage systems provides a secure area where data integrity is ensured by authentication. This block is used in digital devices to store pivotal information that must be safeguarded against modification by potential attackers. This paper targets th...

CVE-2025-12357

By manipulating the Signal Level Attenuation Characterization SLAC protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable wirelessly, within close...

CVE-2025-12357

CVE-2025-12357 describes a vulnerability in EV charging systems that use ISO 15118-2, where an attacker can manipulate the Signal Level Attenuation Characterization (SLAC) protocol via spoofed measurements to stage a near-field MITM attack between an electric vehicle and charging stations. The at...

This Is the Nuclear-Powered Ship Deployed in Trump’s War on Drug Boats

The USS Gerald R. Ford is a $13 billion aircraft carrier sailing to the Caribbean with nuclear propulsion, an electromagnetic plane launcher, and 90 aircraft onboard...