Since nobody seemed to actually answer your question: the answer is that ram is actually really simple electrically. Modern DDR5 is very difficult and expensive to manufacture at scale, but is very simple to design.
If someone were to try and poison a memory package, it would be massively obvious by virtue of the package being larger, being very electrically noisy, or by sucking an order of magnitude more power to function.
DRAM sockets are not generic pci busses, and cannot be used on a typical motherboard to load arbitrary hardware the way USB or PCIE can.
Also, the way ram works, you really couldn’t do much more than read contents and relay via an on-dir radio, which would have to be super short range. Even something as “simple” as Bluetooth or wifi would be too big, too slow and take too much power to still function as a memory die.
You should be way more scared of cloud services, appliances, or iot devices than a stick of DDR5.
Tl/DR: it’d be prohibitively expensive and itd have nowhere to go, if it could even work at all without Corsair noticing.
Thanks for the in-depth response, I learned a little bit from you. :)
I’m reminded of the old black hat proof of concepts about reading bits of data via network adapter LEDs, or about listening to sound cards in other rooms doing their signal processing.
I low key kind of love the idea of an evil exfiltration scheme to use a local sound card to receive information about memory contents and then try to pass it somehow desperately over the internet, only now to be thwarted by a mute button. 🤣
IOW one installs their DRAM and it comes with LED lights. Those require their software to control. One should be far more concerned with the RGB software doing something nefarious than the hardware.
Ok awesome, thanks for explaining that. I didn’t know what could be the attack vector (if any). After the supermicro(?) thing a few years back, it made me question what we actually know about the security of physical hardware.
Since nobody seemed to actually answer your question: the answer is that ram is actually really simple electrically. Modern DDR5 is very difficult and expensive to manufacture at scale, but is very simple to design.
If someone were to try and poison a memory package, it would be massively obvious by virtue of the package being larger, being very electrically noisy, or by sucking an order of magnitude more power to function.
DRAM sockets are not generic pci busses, and cannot be used on a typical motherboard to load arbitrary hardware the way USB or PCIE can.
Also, the way ram works, you really couldn’t do much more than read contents and relay via an on-dir radio, which would have to be super short range. Even something as “simple” as Bluetooth or wifi would be too big, too slow and take too much power to still function as a memory die.
You should be way more scared of cloud services, appliances, or iot devices than a stick of DDR5.
Tl/DR: it’d be prohibitively expensive and itd have nowhere to go, if it could even work at all without Corsair noticing.
Thanks for the in-depth response, I learned a little bit from you. :)
I’m reminded of the old black hat proof of concepts about reading bits of data via network adapter LEDs, or about listening to sound cards in other rooms doing their signal processing.
I low key kind of love the idea of an evil exfiltration scheme to use a local sound card to receive information about memory contents and then try to pass it somehow desperately over the internet, only now to be thwarted by a mute button. 🤣
Those types of attacks are called “side-channel” attacks. If you wanted to look up stories of more. Fascinating history there.
IOW one installs their DRAM and it comes with LED lights. Those require their software to control. One should be far more concerned with the RGB software doing something nefarious than the hardware.
Ok awesome, thanks for explaining that. I didn’t know what could be the attack vector (if any). After the supermicro(?) thing a few years back, it made me question what we actually know about the security of physical hardware.