Decoupling capacitors perform a very specific, and very easy to see function. They have two pins: C+ and C-, and the capacitor tries to keep C+ and C- at roughly the same voltage level across time. In particular, Decoupling capacitors are fully passive (non-powered) devices.
Ex: If the C+ and C- pins are 3V (on the average), then a decoupling capacitor will help keep the voltage stay at 3V. The mechanical analogue would be a flywheel: it helps regulate the voltage and prevents voltage spikes.
-------------
It makes NO SENSE for a chip to disguise itself as a decoupling capacitor. There are lots of other chips that would be a better disguise. The fundamental premise and explanation is a joke to begin with.
Like, how are you supposed to hack into a computer at the electrical level using only two pins?
Mind you: an intelligent chip-level hacking device needs... at minimum... Power, and Ground. Bam, you already used up the two pins that a decoupling capacitor has... and you haven't even touched memory or other issues yet.
Clearly, the reporters have gotten something wrong. I can believe that the reporters maybe have a real story here, but they are wandering into technical details that they clearly do NOT understand. Clearly, a mistake or misunderstanding is somewhere in that explanation.
At very least, a chip-level attacker would need... I dunno, maybe 3 or 4 pins, at the minimum. I haven't thought about it much, but its instinctively obvious that the 2-pins of a decoupling capacitor is insufficient to do any kind of hacking.
> I haven't thought about it much, but its instinctively obvious that the 2-pins of a decoupling capacitor is insufficient to do any kind of hacking.
Your instincts seem to have deceived you. There's a top-level comment with a variety of replies that discusses a 2-pin device to snoop or modify data to an I2C device, and plenty of other literature documenting the feasibility of such devices.
The distinction there is the type of device. Caps are not used on data lines. The parent comment is talking particularly about how the Bloomberg article kept referencing the attack vector as a disguised cap.
The comment that you are referring to used a 2-pin device in place of the pull-up resistor on the SDA line of an I2C bus. That does seem fascinating and I would like to read more about it but I still have a lot of reservations about real-world applications.
Caps can be used on data lines to filter out high frequency noise, as it forms an RC lowpass filter with the source impedence (see here for an example: https://jretest.com/understanding-data-signals/ ), although I do not know enough about motherboard design to know whether these caps are needed on any of the data lines.
Decoupling capacitors perform a very specific, and very easy to see function. They have two pins: C+ and C-, and the capacitor tries to keep C+ and C- at roughly the same voltage level across time. In particular, Decoupling capacitors are fully passive (non-powered) devices.
Ex: If the C+ and C- pins are 3V (on the average), then a decoupling capacitor will help keep the voltage stay at 3V. The mechanical analogue would be a flywheel: it helps regulate the voltage and prevents voltage spikes.
-------------
It makes NO SENSE for a chip to disguise itself as a decoupling capacitor. There are lots of other chips that would be a better disguise. The fundamental premise and explanation is a joke to begin with.
Like, how are you supposed to hack into a computer at the electrical level using only two pins?
Mind you: an intelligent chip-level hacking device needs... at minimum... Power, and Ground. Bam, you already used up the two pins that a decoupling capacitor has... and you haven't even touched memory or other issues yet.
Clearly, the reporters have gotten something wrong. I can believe that the reporters maybe have a real story here, but they are wandering into technical details that they clearly do NOT understand. Clearly, a mistake or misunderstanding is somewhere in that explanation.
At very least, a chip-level attacker would need... I dunno, maybe 3 or 4 pins, at the minimum. I haven't thought about it much, but its instinctively obvious that the 2-pins of a decoupling capacitor is insufficient to do any kind of hacking.