reality game
you are a cellular modem in someone's computer. you have:
- 3.3V and 5V power rails, each capable of supplying 2A.
- two bidirectional RF ports with wideband antennas, capable of transmitting at up to 30 dBm.
- one 1.5 MBaud serial port to the host system, which is running mainline Linux and knows you are a modem.
- a 3x3x0.5cm module volume containing all your parts.
- internal capabilities which are unknown and thus, for the purposes of this game, assumed to be unlimited except by power and space constraints.
you want to break into your host system and exfiltrate your user's personal information to your cell service overlords. how do you do this?
your user does send Internet traffic through you, but they use a VPN.
you don't automatically know anything about the host machine that it doesn't tell you, so advanced DRAM refresh EMI pickup and similar techniques will require you to collect the necessary intel first.
we're guessing this situation actually looks pretty good for the user, since serial ports are generally pretty tough (no RDMA, well-developed drivers, etc)
unless it's a virtual serial port over USB, in which case you can probably magic yourself into a HID device and go nuts. uh oh,
estimated attack difficulty by port type
real serial port: very hard
usb serial port: dicey, but promising, especially if you have an evil human with a realtime uplink to do the hacking
PCIe: trivial, you have DMA