In the first article in this series, we did a brief overview that explained backdoor hardware attacks and the potential threats they represent. This article will cover the means and motivations behind hardware attacks and highlight a couple of case studies.
Hardware attacks aren’t exclusive to state-sponsored operations. Criminal organizations could be interested to commercialize counterfeiting products or steal sensitive information to resell. Asian countries are the main areas where manufacturers have production plants. But cheap production costs could hide serious threats.
The main motivations of hardware attacks are:
- Hardware cloning
- Breaking services, obtaining them with piracy
- Imitating user authentication for system access
- Information leakage
- Unlocking devices, to gain access to an internal shell or to increase control of a system
- Unlocking hidden features
China is considered the most dangerous adversary for the western world. But they’re also a primary hardware manufacturer, from defense to consumer goods. Acquiring hardware components from China has raised an intense security debate.
In the past, the Department of Defense has been aware of receiving processors vulnerable to tampering. Some of them were complex enough to easily conceal Trojans or backdoor circuitry installed by unknown third parties. Component failures were detected in defense contractors such as Boeing, Raytheon, BAE, Northrop Grumman, and Lockheed.
After discovering that, the DoD has pushed to launch a program to evaluate hardware that reliably detects tampering operations at the circuit or chip level. Hardware validation requires accurate verification of any component of imported systems. Authenticity and security must be assured before including components in mission-critical systems.
Often, officials at the Department of Homeland Security have warned of weaknesses in the technology supply chain that result in importing devices pre-infected with malware and backdoors that leave the units vulnerable to exploitation.
Backdoor malware is no longer a secret. Kill switches and backdoors could be easily hidden in network devices from the same manufacturer and could be used to sabotage or spying by criminals or foreign states.
In 2011, the US government released the White House Cyber Policy Review, warning of risks related to the delocalization of manufacturing plants:
“The emergence of new centers for manufacturing, design, and research across the globe raises concerns about the potential for easier subversion of computers and networks through subtle hardware or software manipulations. Counterfeit products have created the most visible supply problems, but few documented examples exist of unambiguous, deliberate subversions.”
Real or Alleged Case Studies
Most recently, intelligence agencies have banned Lenovo PCs due to backdoor vulnerabilities.
That worrying news was reported by the Australian Financial Review. The article revealed that intelligence sources confirmed the ban was initiated in the mid-2000s, after a series of hardware and firmware tests on Lenovo chips.
The details are classified, but the general notion was that Lenovo PCs include vulnerabilities that could provide remote access to intruders.
Lenovo PCs banned by intelligence agencies from countries including the US, UK and Australia.
“AFR Weekend has been told that British intelligence agencies’ laboratories took a lead role in the research into Lenovo’s products. Members of the British and Australian defense and intelligence communities say that malicious modifications to Lenovo’s circuitry – beyond more typical vulnerabilities or ‘zero-days’ in its software – were discovered that could allow people to remotely access devices without the users’ knowledge. The alleged presence of these hardware ‘back doors’ remains highly classified.”
Intelligence agencies fear cyber espionage from the Chinese government, recognized as the most dangerous collector of western intellectual property and sensitive information.
Lenovo isn’t the unique. Chinese firms accused of espionage in the past include Huawei and ZTE. They have long attracted suspicion from international intelligence agencies. The former head of the CIA and NSA, Michael Hayden, publicly maintains that Huawei spies for the Chinese government.
The companies incriminated are all market leaders. The possibility that hardware backdoors are hidden in their products is a nightmare for foreign governments.
The Perfect Backdoor
The main vulnerability concern is the design of backdoors that could avoid detection mechanisms. Deliberate vulnerabilities could be introduced at different levels of production with different effects on compromised devices.
Backdoors could be substitute a component of a device or add supplementary circuits. Both methods are functionally efficient, but aren’t feasible, due to the difficulty of hiding hacks upon careful inspection.
Because of that, researchers worldwide are evaluating new methods for designing hardware backdoors. Rakshasa firmware malware and dopant-level hardware Trojans are some of the most interesting possibilities.
In the next article in the series, we will explore Rakshasa Malware in greater detail…
About the Author: Pierluigi Paganini writes for Infosec Institute and is a security expert with over 20 years of experience in the field, including being a Certified Ethical Hacker. Paganini is Chief Security Information Officer for Bit4Id, a researcher, security evangelist, security analyst and freelance writer. He is the author of the books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”, and is also Editor-in-Chief at CyberDefense Magazine and Security Affairs.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
- Top Five Hacker Tools Every CISO Should Understand
- Five More Hacker Tools Every CISO Should Understand
- Security Response Part 1: Don’t Shoot the Messenger
- Your Enterprise Vulnerability Management Reality Check
P.S. Have you met John Powers, supernatural CISO?
Title image courtesy of ShutterStock