you don't automatically know anything about the host machine that it doesn't tell you, so advanced DRAM refresh EMI pickup and similar techniques will require you to collect the necessary intel first.

we're guessing this situation actually looks pretty good for the user, since serial ports are generally pretty tough (no RDMA, well-developed drivers, etc)

unless it's a virtual serial port over USB, in which case you can probably magic yourself into a HID device and go nuts. uh oh,

estimated attack difficulty by port type

real serial port: very hard

usb serial port: dicey, but promising, especially if you have an evil human with a realtime uplink to do the hacking

PCIe: trivial, you have DMA

@diodelass I bet dram in SoC (die stacking) makes emi attacks like this basically impossible

@diodelass though, the domain of power-based attacks is pretty well understood. If you can get an adc onto the power rails you could potentially exfiltrate private keys from rail droop

Depends a lot on decoupling, though

The real bar you set is just making the hardware attack harder than finding another software vulnerability in your hosts software stack, which is surprisingly easy

@KitRedgrave this was just meant to mean "there are no design constraints on the internal circuitry apart from what's physically possible, since nobody is allowed to inspect the chip"

@diodelass Hmm, that might not work, as the response would never reach the modem, though that would be a way to send a one-way exploit.