top | item 45747217

(no title)

Whinner | 4 months ago

From the article, "The low-cost, low-complexity attack works by placing a small piece of hardware between a single physical memory chip and the motherboard slot it plugs into. It also requires the attacker to compromise the operating system kernel". "Low-complexity" requires physical access and an OS compromise? What the hell would high complexity be?

discuss

SAI_Peregrinus|4 months ago

Focused Ion Beam workstation, decap the relevant IC & probe its internal connections directly. If protected by a mesh, also use the FIB to deposit extra metal to bypass the mesh to make the probe holes. If protected by light sensors, also bypass them. Create glitches by shining highly focused lasers onto specific transistors at specific times. Etc. The sorts of attacks Christopher Tarnovsky did on a bunch of TPMs & talked about at DEFCON.

beeflet|4 months ago

I was looking for the old CCC talk about this stuff, but I ended up finding out about a project called RayV Lite which seeks to democratize this hardware

https://www.netspi.com/blog/executive-blog/hardware-and-embe...

https://github.com/ProjectLOREM/RayVLite

graemep|4 months ago

I thought the point of secure enclaves is to protect against attacks by someone with access to the hardware.

Therefore requiring physical assess is still low complexity in context.

gpderetta|4 months ago

Isn't one of the point of a secure enclave that it does not need to trust the rest of the computer it is running on?

jcranmer|4 months ago

And the images also show that "small piece of hardware" is connected to lots of chonky ribbon connectors that make IDE cables look slim.