EE+FPGA folks: does presence of an FPGA in a device without strong (opto or at least galvanic) isolation necessarily make large classes of local physical/glitch attacks into potential remote attack vectors? I suspect so.
Replying to @RichFelker
What type of use case are you thinking about? Something like Amazon F1? One of those NICs with an FPGA? Something else?
Replying to @rqou_
Obviously things where the FPGA has access to a major bus without IOMMU already have gaping vulnerability to malicious bitstream, so I was thinking more subtle cases...
Replying to @RichFelker @rqou_
Like where the FPGA might just be connected to a USB host controller, UART, or similar.
Replying to @rqou_
By "remote" I mean via an attack that lets you [get the user to] replace the FPGA bitstream with a malicious one.
Replying to @RichFelker @rqou_
Normally glitch attacks are something you perform on a device you have in your physical custody. But presence of FPGA means maybe you can program the FPGA to do it for you, remotely.
Replying to @RichFelker
This might be possible, but you are usually pretty limited in what type of glitch you would be able to inject since the FPGA probably doesn't e.g. have an IO connected to a power rail. Overall I'm just not sure why you're concerned though?
But yeah the original question was pretty much asking the scope of glitches that might be possible. BTW don't discount very-close-proximity RFI as a vector.