Malicious Hardware Hacking May Be the Next Frontier

An anonymous reader writes "It's a given that hackers will target software, and that's enough for many people to worry about. But now there's the possibility that hackers would hide malicious code in the hardware itself. A hardware hack could be an annoyance, by stopping a mobile phone from functioning. Or it could be more dangerous, if it damages the way a critical system operates. Villasenor says there are several types of attacks. Broadly they would fall into two categories: one is when a block stops a chip from functioning, while the other involves shipping data out."

CPLD?

[MrFurious5150]

IANAEE, but isn't this already a potential problem with CPLDs? Or would you consider that a software/firmware hack?

Re:CPLD?

[betterunixthanunix]

People have been hacking hardware for a really long time, longer than they have been hacking software. My security engineering textbook lists a number of hardware hacks that were used for espionage, particularly side channel attacks and other signals intelligence. Creating hardware trojan horses is an old trick; you might even say it dates back as far as the Trojan war.

Re:[Insert scary possibility]

[cygnwolf]

I have to agree. While I concede the point that someone can make malicious hardware, it seems like it would be -a lot- harder to infect someone's system with it than it would be to infect them with malicious code. Based on the headline, I would have thought this was an article about the people who call themselves hardware hackers who are trying to make hardware BETTER. Garage engineers, that sort. Unfortunately, these days, the word 'Hacker' carries a very negative connotation and it seems like, from this article, that some people are trying to perpetuate it.

Hardware is traceable, software is not

[timholman]

Disclaimer: I've been involved in some research in verification of ASICs to uncover trojan hardware. Frankly, I think the threat of hardware hacks tends to be overblown.

The problem with planting Trojan circuits in hardware is that they're traceable. Given a compromised chip, you can locate the manufacturer and the fab it came from, and work backwards to the people who had access to the layout. It would be a financial and P.R. disaster for any third party vendor that allowed such a thing to happen. Who would ever trust them again with a design? These companies want to make money, and allowing government or criminal organizations to compromise the manufacturing process is too big a risk.

On top of that, using a hardware hack is equivalent to firing a shotgun into a swarm of gnats. How can you know that a hacked chip is going to make it into a box that just might happen to be used by a competitor you care about? It's an insane risk with a ridiculously small hope of payoff.

The way to compromise systems is the way that has worked extremely well so far - via software. You can target the attack, you can cover your tracks, and you have plausible deniability if you're caught. If you bribe someone inside the organization, you can place the software you want right on the machines you care about. And as long as organizations keep using Windows, you'll never run out of attack vectors.

Re:Uhhh...

[PrecambrianRabbit]

Although it's not the solution mentioned in the article, one possibility is to have two competing outsourcers produce the same block, then add comparison logic that verifies that each block is doing the same thing.

Of course, this more than doubles the chip area. Also, the checking logic could be very difficult or practically impossible depending on the complexity of the block.