IMO the point here isn’t to focus on a single attack, but rather to recognise the inherent & probably endless arms race.
True.
statistically plausible binning error
Plausible, yes. Feasible? I don’t know about that. These things often work well in laboratory environments and don’t scale to “the outside”. There are easier ways to get information out of a system, e.g. software 0days.
Yes that is true and i did have similar thoughts, for example getting a precisely stable control over eg. activation frequency while maintaining a plausible litho mask error could be tricky to make it reproducible.
On the other hand, the previously mentioned research was from a relatively small team - whereas a very well resourced team could likely produce something robust and ready for real-world. Though perhaps would likely need to be more targeted rather than a shotgun approach attack.
In any case I only started down this topic of discussion since i saw the opportunity to talk about hardware implants (which is fun to discuss), but probably doesn’t so much suit the news article in the op for the FUD-type reasons you mentioned.
True.
Plausible, yes. Feasible? I don’t know about that. These things often work well in laboratory environments and don’t scale to “the outside”. There are easier ways to get information out of a system, e.g. software 0days.
Yes that is true and i did have similar thoughts, for example getting a precisely stable control over eg. activation frequency while maintaining a plausible litho mask error could be tricky to make it reproducible.
On the other hand, the previously mentioned research was from a relatively small team - whereas a very well resourced team could likely produce something robust and ready for real-world. Though perhaps would likely need to be more targeted rather than a shotgun approach attack.
In any case I only started down this topic of discussion since i saw the opportunity to talk about hardware implants (which is fun to discuss), but probably doesn’t so much suit the news article in the op for the FUD-type reasons you mentioned.