Analog malicious hardware

Post Syndicated from corbet original http://lwn.net/Articles/688751/rss

Worth a read: this paper [PDF] from Kaiyuan Yang et al. on how an analog
back door can be
placed into a hardware platform like a CPU. “In this paper, we show
how a fabrication-time attacker can leverage analog circuits to create a
hardware attack that is small (i.e., requires as little as one gate) and
stealthy (i.e., requires an unlikely trigger sequence before effecting [sic] a
chip’s functionality). In the open spaces of an already placed and routed
design, we construct a circuit that uses capacitors to siphon charge from
nearby wires as they transition between digital values. When the capacitors
fully charge, they deploy an attack that forces a victim flip-flop to a
desired value. We weaponize this attack into a remotely-controllable
privilege escalation by attaching the capacitor to a wire controllable and
by selecting a victim flip-flop that holds the privilege bit for our
processor.”
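
The stealth property in the quoted abstract, that only an unlikely trigger sequence charges the capacitor, can be seen in a toy leaky-integrator model. This is an added example, not code from the paper or from LWN; the gain, leak and threshold constants and both function names are assumptions constructed for illustration, not measurements of any real circuit.

```python
# Toy leaky-integrator model of the charge-accumulating trigger described above.
# All constants are constructed for illustration; none come from the paper.

GAIN = 0.05       # assumed fraction of remaining headroom gained per wire transition
LEAK = 0.01       # assumed fraction of stored charge lost every clock cycle
THRESHOLD = 0.80  # assumed normalised voltage at which the victim flip-flop is forced


def first_trigger_cycle(toggle_period, cycles):
    """Return the first cycle at which the modelled capacitor crosses THRESHOLD,
    or None. The monitored wire transitions once every `toggle_period` cycles."""
    v = 0.0
    for cycle in range(cycles):
        if cycle % toggle_period == 0:
            v += GAIN * (1.0 - v)   # charge siphoned from the transitioning wire
        v -= LEAK * v               # leakage runs whether or not the wire toggles
        if v >= THRESHOLD:
            return cycle
    return None


def steady_state_peak(toggle_period):
    """Closed-form peak voltage the model settles at for a periodic toggle rate."""
    keep = (1.0 - LEAK) ** toggle_period * (1.0 - GAIN)
    return GAIN * (1.0 - LEAK) / (1.0 - keep)


if __name__ == "__main__":
    # Compare sustained toggling with progressively sparser activity on the wire.
    for period in (1, 2, 4, 16):
        hit = first_trigger_cycle(period, 100_000)
        outcome = "never" if hit is None else "cycle %d" % hit
        print("toggle every %2d cycles: peak=%.3f trigger=%s"
              % (period, steady_state_peak(period), outcome))
```

In this model a wire that toggles every cycle crosses the threshold within a few dozen cycles, while the same wire toggling every second cycle plateaus below it indefinitely, which is why test stimulus that never sustains the trigger rate would not observe the flip.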