This work addresses a long-overlooked security vulnerability in 2.5D/3D chiplet-based integrated architectures: the risk of cross-chiplet physical side-channel attacks. We propose and formally define a novel threat model wherein an on-package communication-oriented chiplet—such as one incorporating an integrated antenna or RFID structure—acts as an internal observation platform to eavesdrop on neighboring victim chiplets via electromagnetic coupling. By integrating electromagnetic analysis, signal acquisition, and correlation modeling, we experimentally validate the feasibility of this attack vector in a real-world advanced packaging environment. Our results demonstrate that an adversary can effectively recover operational activity information from a victim chiplet through signals captured by the communication chiplet, thereby exposing a critical blind spot in current hardware security design practices.

Advanced packaging and chiplet-based integration are increasingly adopted to build complex heterogeneous systems beyond the limits of monolithic scaling. While these architectures offer major benefits in terms of modularity, yield, and performance, they also introduce new physical attack surfaces. In this paper, we show that side-channel attacks can be mounted across chiplets within the same package or stack. Our key idea is that a communication-oriented chiplet, originally intended to interact with the external environment through an antenna, an RFID-like element, or another contactless coupling structure, can be repurposed as an internal observation platform. We formalize this threat through a realistic adversary model, describe the corresponding attack principle, and experimentally assess its feasibility. The obtained results demonstrate that signals captured through such a communication-oriented interface can reveal information correlated with the activity of a neighboring victim chiplet.