Vinoth Deivasigamani
@vinothd.bsky.social
I lead silicon security architecture and silicon security operations teams at #Google. Previously, silicon security at #Qualcomm.
These days I work on Tensor/Pixel and Android security
These days I work on Tensor/Pixel and Android security
Attack outcome: If you mess with the ground-based time, you mess with GPS.
This affects everything from your car's driving directions to the guidance systems for precise missiles.
Sources:
www.theregister.com/2025/10/20/c...
www.cert.org.cn/publish/main...
This affects everything from your car's driving directions to the guidance systems for precise missiles.
Sources:
www.theregister.com/2025/10/20/c...
www.cert.org.cn/publish/main...
www.cert.org.cn
October 21, 2025 at 7:06 PM
Attack outcome: If you mess with the ground-based time, you mess with GPS.
This affects everything from your car's driving directions to the guidance systems for precise missiles.
Sources:
www.theregister.com/2025/10/20/c...
www.cert.org.cn/publish/main...
This affects everything from your car's driving directions to the guidance systems for precise missiles.
Sources:
www.theregister.com/2025/10/20/c...
www.cert.org.cn/publish/main...
2. GPS Navigation: GPS satellites need perfectly synchronized clocks. They have onboard atomic clocks but rely on ground stations (like NTSC) to correct for timing drifts.
(An interesting source of drift: Relativistic time dilation, because the sats move at ~9,000 mph!)
(An interesting source of drift: Relativistic time dilation, because the sats move at ~9,000 mph!)
October 21, 2025 at 7:06 PM
2. GPS Navigation: GPS satellites need perfectly synchronized clocks. They have onboard atomic clocks but rely on ground stations (like NTSC) to correct for timing drifts.
(An interesting source of drift: Relativistic time dilation, because the sats move at ~9,000 mph!)
(An interesting source of drift: Relativistic time dilation, because the sats move at ~9,000 mph!)
1. Telecommunications: Cell phone base stations must share a common clock to hand off calls. This is even more vital for low-latency 5G applications.
Attack outcome: If you disrupt the time, you can disrupt the entire communications grid.
Attack outcome: If you disrupt the time, you can disrupt the entire communications grid.
October 21, 2025 at 7:06 PM
1. Telecommunications: Cell phone base stations must share a common clock to hand off calls. This is even more vital for low-latency 5G applications.
Attack outcome: If you disrupt the time, you can disrupt the entire communications grid.
Attack outcome: If you disrupt the time, you can disrupt the entire communications grid.
Why target a timekeeper? It sounds mundane, but high-precision time is a critical national security asset.
Modern tech relies on nanosecond-level accuracy. If you can mess with time, you can disrupt critical infrastructure.
Here are two key examples:
Modern tech relies on nanosecond-level accuracy. If you can mess with time, you can disrupt critical infrastructure.
Here are two key examples:
October 21, 2025 at 7:06 PM
Why target a timekeeper? It sounds mundane, but high-precision time is a critical national security asset.
Modern tech relies on nanosecond-level accuracy. If you can mess with time, you can disrupt critical infrastructure.
Here are two key examples:
Modern tech relies on nanosecond-level accuracy. If you can mess with time, you can disrupt critical infrastructure.
Here are two key examples:
Great work, Wenyi Zhang, Annie Dai, Keegan Ryan, Dave Levin, Nadia Heninger and Aaron Schulman!
satcom.sysnet.ucsd.edu/docs/dontloo...
satcom.sysnet.ucsd.edu/docs/dontloo...
satcom.sysnet.ucsd.edu
October 14, 2025 at 4:53 AM
Great work, Wenyi Zhang, Annie Dai, Keegan Ryan, Dave Levin, Nadia Heninger and Aaron Schulman!
satcom.sysnet.ucsd.edu/docs/dontloo...
satcom.sysnet.ucsd.edu/docs/dontloo...
While it is important to work on futuristic threats such as Quantum cryptanalysis, backdoors in standardized cryptographic protocols, etc. - the unfortunate reality is that the vast majority of real-world attacks happen because basic protection is not enabled. Lets not take our eyes off the basics.
October 14, 2025 at 4:53 AM
While it is important to work on futuristic threats such as Quantum cryptanalysis, backdoors in standardized cryptographic protocols, etc. - the unfortunate reality is that the vast majority of real-world attacks happen because basic protection is not enabled. Lets not take our eyes off the basics.
- Walmart Mexico: Unencrypted corporate emails, plaintext credentials to inventory management systems, inventory records transferred and updated using FTP
October 14, 2025 at 4:53 AM
- Walmart Mexico: Unencrypted corporate emails, plaintext credentials to inventory management systems, inventory records transferred and updated using FTP
- AT&T Mexico cellular backhaul: Raw user internet traffic
- TelMex VOIP on satellite backhaul: Plaintext voice calls
- U.S. military: SIP traffic exposing ship names
- Mexico government and military: Unencrypted intra-government traffic
- TelMex VOIP on satellite backhaul: Plaintext voice calls
- U.S. military: SIP traffic exposing ship names
- Mexico government and military: Unencrypted intra-government traffic
October 14, 2025 at 4:53 AM
- AT&T Mexico cellular backhaul: Raw user internet traffic
- TelMex VOIP on satellite backhaul: Plaintext voice calls
- U.S. military: SIP traffic exposing ship names
- Mexico government and military: Unencrypted intra-government traffic
- TelMex VOIP on satellite backhaul: Plaintext voice calls
- U.S. military: SIP traffic exposing ship names
- Mexico government and military: Unencrypted intra-government traffic
"Almost died on the thruway today when it happened and I’m glad it didn’t cause a bigger accident with an 18-wheeler behind me being able at the last minute to shift lanes because my Jeep died, locked its hand brake and jolted so hard my face almost ended up in the steering wheel at 70mph."
October 12, 2025 at 5:15 PM
"Almost died on the thruway today when it happened and I’m glad it didn’t cause a bigger accident with an 18-wheeler behind me being able at the last minute to shift lanes because my Jeep died, locked its hand brake and jolted so hard my face almost ended up in the steering wheel at 70mph."
Availability is not antithetical to security and privacy. A well designed security system will meet availability needs.
"The Interior Ministry explained that... the G-Drive’s structure did not allow for external backups. This vulnerability ultimately left it unprotected."
"The Interior Ministry explained that... the G-Drive’s structure did not allow for external backups. This vulnerability ultimately left it unprotected."
October 5, 2025 at 10:20 PM
Availability is not antithetical to security and privacy. A well designed security system will meet availability needs.
"The Interior Ministry explained that... the G-Drive’s structure did not allow for external backups. This vulnerability ultimately left it unprotected."
"The Interior Ministry explained that... the G-Drive’s structure did not allow for external backups. This vulnerability ultimately left it unprotected."
Google Threat Intelligence Group released their analysis of 2024 0-days that the group tracked:
cloud.google.com/blog/topics/...
cloud.google.com/blog/topics/...
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis | Google Cloud Blog
This Google Threat Intelligence Group report presents an analysis of detected 2024 zero-day exploits.
cloud.google.com
April 29, 2025 at 6:21 PM
Google Threat Intelligence Group released their analysis of 2024 0-days that the group tracked:
cloud.google.com/blog/topics/...
cloud.google.com/blog/topics/...
The flip side:
- % of 0-days in enterprise technologies is increasing (37% ->44%)
- Much of that is due to 0-days in *security* and networking products.
- Security/networking products generally compromised with a single vulnerability, no exploit chain required. This is scary.
- % of 0-days in enterprise technologies is increasing (37% ->44%)
- Much of that is due to 0-days in *security* and networking products.
- Security/networking products generally compromised with a single vulnerability, no exploit chain required. This is scary.
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis | Google Cloud Blog
This Google Threat Intelligence Group report presents an analysis of detected 2024 zero-day exploits.
cloud.google.com
April 29, 2025 at 6:21 PM
The flip side:
- % of 0-days in enterprise technologies is increasing (37% ->44%)
- Much of that is due to 0-days in *security* and networking products.
- Security/networking products generally compromised with a single vulnerability, no exploit chain required. This is scary.
- % of 0-days in enterprise technologies is increasing (37% ->44%)
- Much of that is due to 0-days in *security* and networking products.
- Security/networking products generally compromised with a single vulnerability, no exploit chain required. This is scary.
And that extraction needs to be done securely, which re-introduces the problem of having the trust the manufacturing facilities, and all the complexity needed to minimize that trust.
April 17, 2025 at 6:52 AM
And that extraction needs to be done securely, which re-introduces the problem of having the trust the manufacturing facilities, and all the complexity needed to minimize that trust.
"Within hours of sending the letter, Deel’s spy inside of Rippling searched – for the first time – for this empty and never-before-used Slack channel, proving that Deel’s top executives or its legal representatives were running the covert espionage operation."
March 17, 2025 at 4:05 PM
"Within hours of sending the letter, Deel’s spy inside of Rippling searched – for the first time – for this empty and never-before-used Slack channel, proving that Deel’s top executives or its legal representatives were running the covert espionage operation."
"The letter was sent to only three people – Phillipe Bouaziz, the chairman of Deel’s board, CFO, General Counsel, and the father of Deel CEO Alex Bouaziz; Spiros Komis, Deel’s Head of US Legal; and the company’s outside counsel at law firm."
March 17, 2025 at 4:05 PM
"The letter was sent to only three people – Phillipe Bouaziz, the chairman of Deel’s board, CFO, General Counsel, and the father of Deel CEO Alex Bouaziz; Spiros Komis, Deel’s Head of US Legal; and the company’s outside counsel at law firm."