1) He didn't demonstrate it in real hardware without outside power and ground, while he says an arm core is very small, capacitors are large unless you change the laws of physics. Also I never saw a reliable clock generator the size of a 0402 (or even 1208 now that I think about it) passive. Like I said I haven't seen everything, if there are answers to these I'd love to see them.
2) He faked in some addition to unprogrammed memory, he theorizes the change can only work one way (change a high to low) so an obvious countermeasure is to fill empty memory with random bit patterns.
3) IIRC he intercepts an spi flash in series on the data (MISO) wire. Not only does this assume the spi clock is regular, I think it's totally wrong because he says he turns high to low. Usually the quiescent state of a net like this is high, due to pullup on one or both sides to Vdd (high state.) The mark on the data wire is a short to ground against this pullup to get a low state. Now I haven't seen everything, nor have I looked at any datasheets of parts used in any real system, of course the pullup can be anywhere along the wire, or in one or many integrated circuits along the net, but it really strikes me as incomplete because he says he turns high to low and I didn't notice him mentioning anything about any pullup and how to deal with it.
So until I see something better than this talk I am writing this off as feeding the FUD.
2) While that is an obvious countermeasure, it's one nobody is currently taking (judging by the large block of 1's in the SPI flash chip he read from the server).
3) You're thinking of a protocol like I2C, not SPI. For SPI it's 1 input driving 1 output, and nothing is bi-directional, so a microcontroller or FPGA interposing itself on a data line can definitely modify the state (or pass it through unchanged) as it pleases.
<edit> It's worth pointing out that, given that the contents of the flash get predictably read out at boot time, you could probably let the device 'train' to calibrate it's internal (poor) clock and any software-based adjustments to its timing guesses over multiple boot cycles. Especially if you have access to identical hardware for initial lab testing.
Are you sure about this? The writeup says (emphasis added):
---
My FPGA proof of concept implant is a little larger than the passive resistor component we would want to hide it in, although that is not a significant limitation. Thanks to Moore's Law, an entire ARM Cortex M0+ CPU could fit in the space used by two transistors on the 6502 CPU". The 1.2mm^2 of a 0603 is significantly larger than necessary to fit a fairly complex CPU and ASIC, along with some of the passive components necessary to make it work in the difficult environment of this implant.
Normally the SPI bus requires six connections to function, but the implant has only part of a single one. It doesn't connect to power or ground, so it must be parasitically powered by the current flowing from the SPI flash to the BMC during normal operation (similar to the RFID CPUs that have enough capacitance to run even when they are shorting the antenna coil).
---
I'd like to think that you are wrong, and that the implant was (as described) a hardware proof of concept without outside power and ground. But if you are correct, this would seem to make the writeup so intentionally misleading as to not be worth further consideration.
That would be pretty cool to see demoed itself. As he states we have RFID CPUs that can work with fantastically small amounts of power only from their antennas.
You don't need a very accurate clock (quartz) for ~100 Mhz SPI. A ring oscillator is just a chain of inverters. If you want to match the bus frequency accurately you can train a PLL against the signal clock.
Not sure what the point is about the pullup, to flip the bit you need only to overpower the output buffers of the other chip.
Cramming it all in a 0402 would be a stretch but I could see it being possible with the right resources. Having only 2 pins would be pretty useless if you can't snoop the address though. And modern NOR devices on a motherboard is almost certainly using the high speed 4 pin serial interface rather than standard SPI.
If you think this writing is feeding FUD do you believe the demo is fake?
What are the economic forces behind this, and would it be feasible to change this state of affairs?
