Whenever you have sharing, you usually have side channels. We're going to see more and more of this until we have much better hardware isolation.
This is a kind of obvious variant of Rowhammer, which hasn't generally been fixed AFAIK.
Hardware in the late 2010s seems a bit like Windows in the late 1990s - a house of cards waiting to collapse, but the dominant vendors know that very few customers are willing to pay more for security and reliability vs. performance/features/new and shiny.
(So if we're lucky then we'll end up with a "more secure" version of hardware that is analogous to... Windows Vista.)
Real-world side channels are going to start getting more attention as the technology and techniques for extracting information from EM radiation from circuits (not radios) leaking state improve.
>technology and techniques for extracting information from EM radiation
Whats known to the public, you mean. I suspect even the nuttier conspiracy theorists don't have a solid grasp of just what capabilities might exist among well funded secret institutions.
There have been many demos at security conferences of doing these kinds of things, "simple" things like key logging from a laptop with only a nearby radio.
Well "special hardware to detect EM radiation" is most often software-defined radios like HackRF or BladeRF among others down to TV reception dongles you can get for a few dollars (search for RTL-SDR)
It makes attacks much more limited. You need physical access to whatever machine you're attacking, versus being able to distribute code to millions of machines at once over the internet. That matters a ton.
it matters because if the hardware is difficult and expensive to obtain, an attack can be costly, and hence, won't affect the common man. Industrial espionage or state level espionage hardly changes for the common man, and since most of the hardware in use is by the common man, it's unlikely to get a real fix.
Effective antennas are reasonably easy to build from scratch (depending on the frequency band), and are commercially available in an insane number of variations. Either way is very cheap - as little as a few dollars.
Software defined radios can be had for as little as $10-20 for simple receive only types, up to several hundred for substantially nicer transceivers. They can also be $1000+ for special applications or R&D.
I think "hasn't generally been fixed" is a fair assessment. TRR is so cheap to implement and should have been made mandatory, with generous safety margins.
“RAMBleed has been demonstrated on devices with DDR3 memory chips, and Rowhammer's bit flipping on DDR4 components. DDR4 supports a defensive technique called Targeted Row Refresh, but its efficacy is uncertain. "Given the closed-source nature by which TRR is implemented, it is difficult for the security community to evaluate its effectiveness," said Kwong. "While bit flips have been demonstrated on TRR before, the extent to which TRR mitigates RAMBleed remains an open question."
> While bit flips have been demonstrated on TRR before
Yeah but when I chase down references all I can find is one saying that rowhammer was possible on a Pixel phone, in turn referencing a paper that doesn't have the word 'pixel' in it. No study about how TRR effects the difficulty, or whether TRR was set up correctly. I want a chart showing bit flip difficulty vs. TRR aggressiveness. Because you can set TRR to be very aggressive with almost no performance impact on non-malicious workloads.
This is a kind of obvious variant of Rowhammer, which hasn't generally been fixed AFAIK.
Hardware in the late 2010s seems a bit like Windows in the late 1990s - a house of cards waiting to collapse, but the dominant vendors know that very few customers are willing to pay more for security and reliability vs. performance/features/new and shiny.
(So if we're lucky then we'll end up with a "more secure" version of hardware that is analogous to... Windows Vista.)