[Resource Topic] 2022/1110: Invisible Formula Attacks

Welcome to the resource topic for 2022/1110

Invisible Formula Attacks

Authors: David Naccache, Ofer Yifrach-Stav


This brief note introduces a new attack vector applicable to a symbolic computation tool routinely used by cryptographers.

The attack takes advantage of the fact that the very rich user interface allows displaying formulae in invisible color or in font size zero. This allows to render some code portions invisible when opened using the tool.

We implement a classical fault attack thanks to this deceptive mechanism but other cryptographic or non-cryptographic attacks (e.g. formatting the victim’s disk or installing rootkits) can be easily conducted using identical techniques.

This underlines the importance of creating malware detection software for symbolic computation tools. Such protections do not exist as of today.

We stress that our observation is not a vulnerability in Mathematica but rather a misuse of the rich possibilities offered by the software.

ePrint: https://eprint.iacr.org/2022/1110

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .