The attack does posit physical access to the device. For most current
devices, this renders this attack somewhat theoretical, but for future
devices such as smart cards and keitai with critical information, this
might be more of an issue. The attack attempts to place code into
memory, and then hope that a bit error can be introduced to cause the
trusted portion of the system to execute the attack code.
It is an interesting attack, and may prompt some manufacturers to start
using ECC type memory in portable devices; other solutions include
separate instruction and data spaces or privileged and non-privileged
memory. Any one of these solutions would be sufficient to guard against
this method of attack, should it prove a significant vulnerability in
practice.
On Sunday, May 18, 2003, at 05:21 AM, Tim Romero wrote:
>>> Bit-flipping "attacks" are interesting academically, perhaps, but I fail
>>> to see how it is a security concern. The attack requires both physical
>>> access to the hardware and low level access to the operating system.
>> It requires neither of these. Clearly you didn't read the paper.
> I did actually, but perhaps I misunderstood. The authors had a
> light bulb centimeters away from chips. I don't see how this can be
> accomplished without physical access.
Received on Mon May 19 05:27:43 2003
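The ECC mitigation raised in the reply above, shown as an added example (not code from the thread or from the paper under discussion): a (39,32) extended Hamming SEC-DED code of the kind ECC memory applies per word, so a single flipped bit in a stored pointer is corrected and a double flip is reported rather than silently executed. The pointer value and the flipped bit positions are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>

/* Extended Hamming (39,32) SEC-DED, the scheme ECC memory applies per word:
 * bit 0 holds overall parity, bits 1..38 follow the Hamming layout in which
 * power-of-two positions hold check bits and the rest hold data. */
static int parity64(uint64_t x) {
    x ^= x >> 32; x ^= x >> 16; x ^= x >> 8; x ^= x >> 4; x ^= x >> 2; x ^= x >> 1;
    return (int)(x & 1);
}
uint64_t ecc_encode(uint32_t data) {
    uint64_t cw = 0;
    for (int i = 0, pos = 1; i < 32; i++, pos++) {
        while ((pos & (pos - 1)) == 0) pos++;        /* skip check-bit slots */
        if ((data >> i) & 1) cw |= 1ULL << pos;
    }
    for (int b = 1; b < 39; b <<= 1) {               /* check bits 1,2,4,...,32 */
        int p = 0;
        for (int j = 1; j < 39; j++) if ((j & b) && ((cw >> j) & 1)) p ^= 1;
        if (p) cw |= 1ULL << b;
    }
    if (parity64(cw)) cw |= 1;                       /* make total parity even */
    return cw;
}
/* Decodes cw into *data. Returns 0 (clean), 1 (one flip corrected) or
 * 2 (two flips detected, word unreliable: a real controller raises a
 * machine check here rather than handing the word to the CPU). */
int ecc_decode(uint64_t cw, uint32_t *data) {
    int syndrome = 0, status = 0;
    for (int j = 1; j < 39; j++) if ((cw >> j) & 1) syndrome ^= j;
    if (parity64(cw)) { cw ^= 1ULL << syndrome; status = 1; } /* odd parity: 1 flip */
    else if (syndrome) status = 2;                   /* even, nonzero: 2 flips */
    uint32_t d = 0;
    for (int i = 0, pos = 1; i < 32; i++, pos++) {
        while ((pos & (pos - 1)) == 0) pos++;
        if ((cw >> pos) & 1) d |= 1U << i;
    }
    *data = d;
    return status;
}
int main(void) {
    uint32_t ptr = 0x0804a000u, out;   /* constructed sample: a pointer-sized word */
    uint64_t cw = ecc_encode(ptr);
    int s = ecc_decode(cw ^ (1ULL << 7), &out);
    printf("1 flip: status %d, value %#x\n", s, (unsigned)out);
    s = ecc_decode(cw ^ (1ULL << 7) ^ (1ULL << 20), &out);
    printf("2 flips: status %d (uncorrectable)\n", s);
    return 0;
}
```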