SoylentNews

An Anonymous Coward writes:

https://lwn.net/Articles/688751/ [lwn.net]

"Worth a read: this paper [PDF][1][2] From Kaiyuan Yang et al. on how an analog back door can be placed into a hardware platform like a CPU. "In this paper, we show how a fabrication-time attacker can leverage analog circuits to create a hardware attack that is small (i.e., requires as little as one gate) and stealthy (i.e., requires an unlikely trigger sequence before effecting [sic] a chip's functionality). In the open spaces of an already placed and routed design, we construct a circuit that uses capacitors to siphon charge from nearby wires as they transition between digital values. When the capacitors fully charge, they deploy an attack that forces a victim flip-flop to a desired value. We weaponize this attack into a remotely-controllable privilege escalation by attaching the capacitor to a wire controllable and by selecting a victim flip-flop that holds the privilege bit for our processor.""

[1] Link to PDF in article: http://static1.1.sqspcdn.com/static/f/543048/26931843/1464016046717/A2_SP_2016.pdf [sqspcdn.com]
[2] Read PDF online as images: (Large print) https://archive.is/n43DY [archive.is]
[3] Read PDF online as images: (Small print) https://archive.is/7vbNp [archive.is]

Original Submission