"But this clever hack is probably not limited to RF and is likely to also be embedded in transformers used for isolating Ethernet lines."
I was thinking along the same lines: a balun could harvest energy and use it for other purposes, but it should either store it for later use using maybe a tiny supercapacitor inside, or inject it into the data stream on the fly not unlike RFID dongles do. Or maybe just have enough power and memory to store a few hundred bytes and alter a few fields here and there, so that for example a network frame coming from a compromised machine can have its source field rewritten as it came from a trusted source.
In theory small pull up resistors also could be swapped with lookalike malicious parts capable of tampering with i2c traffic between boards peripherals so that devices can be activated/deactivated no matter what the CPU tells them.
We're going straight to the point when there won't be a single device in the world, from toasters to supercomputers through top brand network gear, that can claim and guarantee to be secure; inserting malicious hardware and firmware is getting just too easy for those with the necessary knowledge and resources. A technically interesting and scary scenario.
I was thinking along the same lines: a balun could harvest energy and use it for other purposes, but it should either store it for later use using maybe a tiny supercapacitor inside, or inject it into the data stream on the fly not unlike RFID dongles do. Or maybe just have enough power and memory to store a few hundred bytes and alter a few fields here and there, so that for example a network frame coming from a compromised machine can have its source field rewritten as it came from a trusted source. In theory small pull up resistors also could be swapped with lookalike malicious parts capable of tampering with i2c traffic between boards peripherals so that devices can be activated/deactivated no matter what the CPU tells them.
We're going straight to the point when there won't be a single device in the world, from toasters to supercomputers through top brand network gear, that can claim and guarantee to be secure; inserting malicious hardware and firmware is getting just too easy for those with the necessary knowledge and resources. A technically interesting and scary scenario.