Systems-on-a-chip are a huge, unaudited attack surface, says Project Zero's Wi‑Fi attack man

The internal inter-chip communications of devices like smartphones are a “huge, mostly unaudited attack surface,” according to Gal Beniamini of Google’s Project Zero, in his promised follow-up to last week’s demonstration of how to attack Wi‑Fi chips over the air. His April 4 “part one” prompted emergency patches from Apple …

  1. Will Godfrey Silver badge
    Unhappy

    What a surprise

    PCIe the easy one. Who would have imagined DMA could ever be a problem.

    1. HwBoffin

      Re: What a surprise

      Last year I developed a PCIe add-on card with a nice FPGA and assorted peripherals, and one of the proofs of concept that I did to show my boss how well it worked was using memory writes from the FPGA to the video card, as would be used by enabling a DMA from the host CPU.

      Neither Linux nor Windows were aware that I was reading and writing all around the video memory, IO space and the system's DDR RAM.

      PCIe is really a true multi host bus without any kind of security. If the root device enumerates you, you're free to roam and wreak havoc as you wish.

      1. Infernoz Bronze badge
        Facepalm

        Re: What a surprise

        Ouch!

        Fixing this probably requires that all DMA controllers include security restricting which memory areas each device can read/write to, possibly via temporary, time and/or access limited, unique tokens linked to a specific address range. Of course this discovery reveals an exploit sewer for DMA controllers which can't do this!

  2. John Smith 19 Gold badge
    Unhappy

    it's 2017 and you can still trick processors that should not be receiving code into executing stuff

    directly.

    I know, it's very complicated to make things secure. Difficult to stop gaps in protocols blah blah.

    But were Broadcom thinking "Ha, this is way too complex for mere mortals to unscramble. No one in their right minds would bother"?

    Surprise.

  3. Anonymous Coward

    "Wi‑Fi attack man"

    Nice job title ....
