Mathy Vanhoef

@vanhoefm.bsky.social

Prof. @KU_Leuven | Research in Network & Software Security | Known for WPA2 KRACK attack, Dragonblood, and FragAttacks | Open to consultancy | Ex-Postdoc NYU

780 Followers  |  362 Following  |  41 Posts  |  Joined: 01.05.2023  |  1.9151

Latest posts by vanhoefm.bsky.social on Bluesky

The US government is considering punishing American scientists who worked with Chinese researchers *years ago, retroactively*.

14.11.2025 02:54 — 👍 91    🔁 46    💬 1    📌 4

I've found AI tools to be quite useful to look for related work. And apparently so do others, searching Google Scholar for "utm_source=chatgpt.com" gives 13,900+ hits ;) scholar.google.com/scholar?star...

12.11.2025 02:21 — 👍 1    🔁 0    💬 0    📌 0
One-day data block introduced on Russian SIM cards being brought back into country — Novaya Gazeta Europe The Russian authorities have begun blocking mobile phones being brought back into the country from abroad for 24 hours in an attempt to undermine Ukrainian drone strikes, the Ministry of Digital Devel...

Russia is blocking mobile phones being brought back into the country from abroad for 24 hours, in an attempt to mitigate drone attacks. Seems like this can probably be bypassed using relay "worm hole" attacks, though it adds some complexity.

novayagazeta.eu/articles/202...

12.11.2025 02:03 — 👍 2    🔁 0    💬 0    📌 0
ICANN Announces First Cohort of Grant Program Recipients Following an extensive applicant review period, ICANN has announced some of the projects that will receive funding in the ICANN Grant Program’s first cycle.

woo! $10 MM USD in grants from ICANN... amazing. And great grantees here! "ICANN Announces First Cohort of Grant Program Recipients" www.icann.org/en/announcem...

28.10.2025 00:15 — 👍 4    🔁 2    💬 0    📌 0
(Self-)Nomination for the USENIX Security '26 Artifact Evaluation Committee (AEC) For the seventh year, USENIX Security allows the evaluation of artifacts that support a paper: software, hardware, evaluation data and documentation, raw measurement data, raw survey results, mechaniz...

Last chance to (self-) nominate for USENIX Security'26 Artifact Evaluation Committee!
You should expect a low load of ~1 artifact for functionality/reproducibility assessments per cycle (max 3 for the whole year).

Please support Open Science and fill the form by Oct 17: forms.gle/WoYRX4govNY1... 🚀

16.10.2025 05:48 — 👍 8    🔁 7    💬 0    📌 1

I have been learning more about PDFs than I really wanted to for maybe the absolutely most funny reason possible - letting agency forgery: mjg59.dreamwidth.org/73317.html

24.09.2025 22:25 — 👍 128    🔁 33    💬 6    📌 2

The West has a blindspot when it comes to alternative CPU designs.

We’re so entrenched in the usual x86, ARM, RISC-V world, that most people have no idea what’s happening over in China.

LoongArch is a fully independent ISA that’s sorta MIPS…sorta RISC-V…and sorta x87!

19.08.2025 20:44 — 👍 43    🔁 11    💬 1    📌 0

At USENIX Security? Then check out:

Studying the Use of CVEs in Academia, won distinguished paper award www.usenix.org/conference/u...

Discovering and Exploiting Vulnerable Tunnelling Hosts, won most innovative research Pwnie @ DEFCON www.usenix.org/conference/u...

Big thanks to all co-authors!!

13.08.2025 22:30 — 👍 15    🔁 7    💬 0    📌 1

I'm thrilled to announce that after months of intensive work, the complete materials for my Applied Cryptography course at the American University of Beirut are now finished: both Part 1 (Provable Security) and Part 2 (Real-World Cryptography)!

06.08.2025 08:01 — 👍 32    🔁 9    💬 4    📌 1

Good luck :)

02.08.2025 13:30 — 👍 2    🔁 0    💬 1    📌 0

Breaking: NSF is suspending roughly 300 grants with UCLA, following a DOJ finding on Tuesday that the university violated Title VI by "creating a hostile educational environment for Jewish and Israeli students."

31.07.2025 17:53 — 👍 354    🔁 222    💬 22    📌 89

Our research on open tunneling servers got nominated for the Most Innovative Research award :)

The work will be presented by Angelos Beitis at Black Hat and also at USENIX Security

Brief summary and code: github.com/vanhoefm/tun...
Paper: papers.mathyvanhoef.com/usenix2025-t...

12.07.2025 20:17 — 👍 7    🔁 6    💬 0    📌 0

Disclosure timeline is on X/twitter: reported in 2012, but no real response because it was considered theoretical. They weren't given access to a train's test track facility, so impossible to confirm ethically in practice. Devices now considered end of life. Replacement is maybe here in 2027..

12.07.2025 12:45 — 👍 17    🔁 3    💬 0    📌 1
Suspicious Train Disruptions in Poland: Is Russia Pulling the Levers? | RAILTARGET Over the past weekend, Poland experienced an unusual series of train stoppages that have raised serious national security concerns.

Also in Poland. It was used by Russia in 2023 to stop about 20 trains.

12.07.2025 12:23 — 👍 14    🔁 5    💬 0    📌 0
End-of-Train and Head-of-Train Remote Linking Protocol | CISA

Yikes. Turns out you can send a plaintext radio signal to cause any train in the USA to do an emergency brake. The original 'security' was just a checksum, no encryption or authentication. Reporting this took them 12 years (!) because the vendor dismissed it initially www.cisa.gov/news-events/...

12.07.2025 12:14 — 👍 183    🔁 64    💬 11    📌 10

Reminder that the MSCA postdoctoral program exists. If you have a PhD and want to work in a European lab, you have until September to apply. Just contact them now.

ec.europa.eu/info/funding...

06.06.2025 17:47 — 👍 30    🔁 24    💬 0    📌 0
PP027: How Wi-Fi Positioning Systems Enable Mass Surveillance | Packet Pushers In today's Packet Protector podcast we explore the rich and terrifying potential of using Wi-Fi-based Positioning Systems for mass surveillance with researchers from the University of Maryland. We dis...

Finally got round to listening to this marvel of an episode on BSSID vulnerabilities.
Very informative and quite shocking. Give it a listen.

07.07.2025 19:22 — 👍 5    🔁 3    💬 2    📌 0

I somehow missed this paper. Creative work of the authors, thanks for sharing!

07.07.2025 22:25 — 👍 1    🔁 0    💬 0    📌 0
Senate GOP budget bill has little-noticed provision that could hurt your Wi-Fi Cruz bill could take 6 GHz spectrum away from Wi-Fi, give it to mobile carriers.

Senate GOP budget bill has little-noticed provision that could hurt your Wi-Fi arstechnica.com/tech-policy/... ==> Possibly no 6GHz for Wi-Fi 7

03.07.2025 20:08 — 👍 0    🔁 1    💬 0    📌 0

Reminder to apply to be part of the artifact evaluation committee of NDSS'26! And share with your colleagues :) We'll likely close this form around the end of next week.

10.06.2025 19:34 — 👍 1    🔁 4    💬 0    📌 0
Self-nomination for the Artifact Evaluation Committee of NDSS 2026 We are looking for members of the Artifact Evaluation Committee (AEC) of NDSS 2026. The Network and Distributed System Security symposium adopts an Artifact Evaluation (AE) process allowing authors t...

All papers should publish their code. Help realize this by becoming an artifact reviewer at NDSS'26, apply here: docs.google.com/forms/d/e/1F...

You'll review artifacts of accepted papers. We especially encourage junior/senior PhD students & PostDocs to help. Distinguished reviews will get awards!

25.05.2025 13:25 — 👍 12    🔁 10    💬 0    📌 1

I saw that too.. good luck with the submission!

06.06.2025 13:10 — 👍 1    🔁 0    💬 0    📌 0
Lee Jae-myung going beast mode

Lee Jae-myung, the South Korean politician who climbed the fence of the parliament to get inside and vote against martial law, has been elected president. Pretty cooool

04.06.2025 01:00 — 👍 24802    🔁 4251    💬 207    📌 405

The Wi-Fi Alliance test plan is something I haven't seen myself... it's indeed annoying to get familiar with the big picture. Though I would say that the Dragonfly RFC can be ignored, the full description is in the IEEE 802.11 standard, and 802.11 contains updates to the side-channel leaks etc.

01.06.2025 03:15 — 👍 2    🔁 0    💬 0    📌 0

So the WPA3 document is basically "support these features of the 802.11 standard, and some minor extensions in that document, and then you can call yourself WPA3" + some best practices

27.05.2025 21:57 — 👍 4    🔁 0    💬 1    📌 0

A lot of 'WPA3' is a marketing and test suite on top of the 802.11 standard. I don't think the 2024 release of 802.11 made any substantial changes to SAE. Instead, the 2024 release incorporated other amendments like 802.11ax and 802.11ay into a single document.

27.05.2025 21:55 — 👍 4    🔁 0    💬 1    📌 0

The GET program makes standards available after 6 months. But you're unlucky with timing: last month the 2024 edition of 802.11 was released. This means the 2020 version is no longer accessible under GET, and you need to wait 6 months for the 2024 edition under GET access. Yeah, I know...

27.05.2025 19:43 — 👍 8    🔁 1    💬 1    📌 0

Core of WPA3 is Simultaneous Authentication of Equals (SAE), defined in IEEE 802.11, the 2024 version of that document will be available for free in around 6 months... The WPA3 'spec' on top of IEEE is public

27.05.2025 19:33 — 👍 1    🔁 0    💬 0    📌 0