The pervasive spread of technology through our society has an important consequence: hardware has to be properly analyzed during the acquisition and qualification phases of the supply chain.
We’re surrounded by electronic devices and appliances that in many cases perform critical functions in areas such as telecommunications, defense and health. Because of that, it’s crucial to validate the electronic components they contain.
Any one of those devices could be equipped with a software or hardware backdoor with serious repercussions. The presence of hardware backdoors in particular represents a nightmare for the security community.
In this series, I’ll explore some of the most insidious hardware backdoor attacks and techniques for prevention and detection.
One of the main consequences of the world economic crisis was budget cuts for manufacturing and security validation, in both public and private sectors. Unfortunately, the cost is considered the factor that most influences the final choice for buyers. This led to the decline in the use of authorized resellers.
Orders today are usually made directly to manufacturers located in the Far East due to cheaper production costs. Those areas are considered to be conflicting because their governments are responsible for the majority of cyber attacks against western companies.
The risk of acquiring hardware components with a backdoor is concrete. Asian governments aren’t the only ones accused of stealthily designing backdoors. Recently, Edward Snowden revealed that the NSA requested that US manufacturers plant backdoors in exported products.
Malicious hardware modifications from insiders represent a serious threat. System complexity, the large number of designers and engineers involved in every project and the delocalization of production to risky countries due to low cost all pose a security threat.
A malicious individual could alter a small component in the overall system for espionage or sabotage. Such attacks can be especially devastating in security-critical industries, such as the military.
The introduction of hardware Trojans could happen in each phase of the supply chain, depending on the methods adopted by attackers and on the technology used for hacking.
Common hardware attacks include:
- Manufacturing backdoors, for malware or other penetrative purposes; backdoors aren’t limited to software and hardware, but they also affect embedded radio-frequency identification (RFID) chips and memory
- Eavesdropping by gaining access to protected memory without opening other hardware
- Inducing faults, causing the interruption of normal behavior
- Hardware modification tampering with invasive operations; hardware or jailbroken software
- Backdoor creation; the presence of hidden methods for bypassing normal computer authentication systems
- Counterfeiting product assets that can produce extraordinary operations, and those made to gain malicious access to systems
Hardware attacks pertain to the following devices:
- Access control systems such as authentication tokens
- Network appliances
- Industrial control systems
- Surveillance systems
- Components of communication infrastructure
Attackers could also act at lower levels to affect the work of microcircuits, fundamental components of any electronic device. Recently, researchers have explored the possibility of modifying hardware behavior by managing the concentration of dopant in electronic components or altering its polarity.
Scientists Adam Waksman and Simha Sethumadhavan provided further ideas of types of hardware backdoors:
- Ticking time bombs – An attacker could program a time bomb backdoor into HDL code that automatically triggers a pre-determined, fixed amount of time after the device is powered on. A device could be forced to crash or operate maliciously after a determined number of clock cycles. It’s clear that this type of attack could be very dangerous. An attacker could design a kill switch function that could be undetectable by any validation methods.
- Cheat codes – An attacker could program backdoor triggers based on specific input data, otherwise known as “cheat codes.” A “cheat code” is secret data that the attacker uses to identify themselves to the hardware backdoor logic, which then initiates a malicious operation mode. Of course, the code must be unique to avoid being accidentally provided during validation tests. As opposed to time bombs, this kind of backdoor needs a second attack vector, the “cheat code.” The attacker could deliver it as a single data value containing the entire code (single-shot “cheat codes”) or as a large cheat code split into multiple pieces (sequential “cheat codes”).
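To show why bounded functional validation misses both trigger types, here is an added example (not from the original article or from Waksman and Sethumadhavan) that compares a suspect block against a golden reference model under random test inputs. The block function, the 2**40-cycle threshold, the cheat-code value and the simulation rate are all constructed assumptions, and only the single-shot cheat code is modelled.

```python
import random

WIDTH = 64                        # data-path width of the modelled block
CHEAT_CODE = 0x5EC2E7C0DE5EC2E7   # constructed 64-bit single-shot trigger value
CYCLE_TRIGGER = 1 << 40           # constructed time-bomb threshold in clock cycles


class GoldenModel:
    """Reference behaviour: output is input + 1, modulo 2**WIDTH."""

    def step(self, data):
        return (data + 1) % (1 << WIDTH)


class SuspectModel(GoldenModel):
    """Same function, plus a cycle-count trigger and a data-value trigger."""

    def __init__(self, cycle_trigger=CYCLE_TRIGGER, cheat_code=CHEAT_CODE):
        self.cycle_trigger, self.cheat_code = cycle_trigger, cheat_code
        self.cycles, self.triggered = 0, False

    def step(self, data):
        self.cycles += 1
        if self.cycles >= self.cycle_trigger or data == self.cheat_code:
            self.triggered = True
        out = super().step(data)
        return out ^ 1 if self.triggered else out  # deviates only after a trigger


def validate(dut, test_cycles, seed=0):
    """Random functional test; return the first mismatching cycle or None."""
    rng, golden = random.Random(seed), GoldenModel()
    for cycle in range(1, test_cycles + 1):
        data = rng.getrandbits(WIDTH)
        if dut.step(data) != golden.step(data):
            return cycle
    return None


def hit_probability(test_cycles, code_bits=WIDTH):
    """Upper bound on random inputs containing the single-shot code."""
    return min(1.0, test_cycles / 2 ** code_bits)


def seconds_to_reach(threshold, cycles_per_second):
    """Test time needed before a cycle-count trigger can fire at all."""
    return threshold / cycles_per_second


if __name__ == "__main__":
    print(validate(SuspectModel(), 50_000))                     # bounded run
    print(validate(SuspectModel(cycle_trigger=1_000), 50_000))  # reachable trigger
    print(hit_probability(50_000), seconds_to_reach(CYCLE_TRIGGER, 1_000))
```

The same harness that flags a trigger reachable within the test window reports no mismatch for the default thresholds, which is why a clean bounded validation run alone cannot rule out either trigger.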
In the next article in the series, we will explore the means and motivations behind hardware backdoors…
About the Author: Pierluigi Paganini writes for Infosec Institute and is a security expert with over 20 years of experience in the field, including being a Certified Ethical Hacker. Paganini is Chief Security Information Officer for Bit4Id, a researcher, security evangelist, security analyst and freelance writer. He is the author of the books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”, and is also Editor-in-Chief at CyberDefense Magazine and Security Affairs.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.