EE+FPGA folks: does presence of an FPGA in a device without strong (opto or at least galvanic) isolation necessarily make large classes of local physical/glitch attacks into potential remote attack vectors? I suspect so.
Obviously things where the FPGA has access to a major bus without IOMMU already have gaping vulnerability to malicious bitstream, so I was thinking more subtle cases...
-
-
Like where the FPGA might just be connected to a USB host controller, UART, or similar.
-
I don't see how this gives you remote attacks?
-
By "remote" I mean via an attack that lets you [get the user to] replace the FPGA bitstream with a malicious one.
-
Normally glitch attacks are something you perform on a device you have in your physical custody. But presence of FPGA means maybe you can program the FPGA to do it for you, remotely.
-
This might be possible, but you are usually pretty limited in what type of glitch you would be able to inject since the FPGA probably doesn't e.g. have an IO connected to a power rail. Overall I'm just not sure why you're concerned though?
-
Because infosec is what I do. :-)
-
But yeah the original question was pretty much asking the scope of glitches that might be possible. BTW don't discount very-close-proximity RFI as a vector.