(keitai-l) Re: bitflipping out of the sandbox

From: <t3_at_t3.org>
Date: 05/17/03
Message-Id: <20030517142527.FA2C.T3@t3.org>

Bit-flipping "attacks" are interesting academically, perhaps, but I fail
to see how it is a security concern. The attack requires both physical
access to the hardware and low-level access to the operating system.

1) First you load a malicious program into non-sandbox memory.

2) You then fill all the computer's available memory with the address of
the malicious program. 

3) You then apply heat - or any kind of energy - to the CPU causing a
hardware error that will cause the CPU to jump to a random memory
location. This will either cause the computer to crash or to execute the
malicious code that you have loaded previously. 

If you can do either step one or two, there is no need for step three.

It's a Rube Goldberg security attack.

Tim
Received on Sat May 17 08:39:56 2003