Analog malicious hardware

Worth a read: thispaper [PDF] From Kaiyuan Yang et al. on how an analog back door can beplaced into a hardware platform like a CPU. "In this paper, we showhow a fabrication-time attacker can leverage analog circuits to create ahardware attack that is small (i.e., requires as little as one gate) andstealthy (i.e., requires an unlikely trigger sequence before effecting[sic] achip's functionality). In the open spaces of an already placed and routeddesign, we construct a circuit that uses capacitors to siphon charge fromnearby wires as they transition between digital values. When the capacitorsfully charge, they deploy an attack that forces a victim flip-flop to adesired value. We weaponize this attack into a remotely-controllableprivilege escalation by attaching the capacitor to a wire controllable andby selecting a victim flip-flop that holds the privilege bit for ourprocessor."