Hardware backdoor

A hardware backdoor is a backdoor implemented within the physical components of a computer system, also known as its hardware. They can be created by introducing malicious code to a component's firmware, or even during the manufacturing process of a integrated circuit, known as a hardware trojan.[1][2] Often, they are used to undermine security in smartcards and cryptoprocessors, unless investment is made in anti-backdoor design methods.[3] They have also been considered for car hacking.[4]

Background

The existence of hardware backdoors poses significant security risks for several reasons. They are difficult to detect and are impossible to remove using conventional methods like antivirus software. They can also bypass other security measures, such as disk encryption. Hardware trojans can be introduced during manufacturing where the end-user lacks control over the production chain.[1]

History

In 2008, the FBI reported the discovery of approximately 3,500 counterfeit Cisco network components in the United States, some of which were introduced in military and government infrastructure.[5]

A few years later, in 2011, Jonathan Brossard presented "Rakshasa", a proof-of-concept hardware backdoor. This backdoor could be installed by an individual with physical access to the hardware. It utilized coreboot to re-flash the BIOS with a SeaBIOS and iPXE-based bootkit composed of legitimate, open-source tools, allowing malware to be fetched from the internet during the boot process.[1]

The following year, in 2012, Sergei Skorobogatov and Christopher Woods from the University of Cambridge Computer Laboratory reported the discovery of a backdoor in a military-grade FPGA device, which could be exploited to access and modify sensitive information.[6][7][8] It has been said that this was proven to be a software problem and not a deliberate attempt at sabotage. This still brought to attention that equipment manufacturers should ensure that microchips operate as intended.[9][10] Later that year, two mobile phones developed by the Chinese company ZTE were found to carry a root access backdoor. According to security researcher Dmitri Alperovitch, the exploit used a hard-coded password in its software.[11]

Starting in 2012, the United States stated that Huawei might have backdoors present in their products.[12]

In 2013, researchers at the University of Massachusetts devised a method of breaking a CPU's internal cryptographic mechanisms by introducing specific impurities into the crystalline structure of transistors to change Intel's random-number generator.[13]

Documents revealed from 2013 onwards during the surveillance disclosures initiated by Edward Snowden showed that the Tailored Access Operations (TAO) unit and other NSA employees intercepted servers, routers, and other network gear being shipped to organizations targeted for surveillance to install covert implant firmware onto them before delivery.[14][15] These tools include custom BIOS exploits that survive the reinstallation of operating systems and USB cables with spy hardware and radio transceiver packed inside.[16]

In June 2016 it was reported that University of Michigan Department of Electrical Engineering and Computer Science had built a hardware backdoor that leveraged "analog circuits to create a hardware attack" so that after the capacitors store up enough electricity to be fully charged, it would be switched on, to give an attacker complete access to whatever system or device − such as a PC − that contains the backdoored chip. In the study that won the "best paper" award at the IEEE Symposium on Privacy and Security they also note that microscopic hardware backdoor wouldn't be caught by practically any modern method of hardware security analysis, and could be planted by a single employee of a chip factory.[17][18]

In September 2016 Skorobogatov showed how he had removed a NAND chip from an iPhone 5C - the main memory storage system used on many Apple devices - and cloned it so that he can try out more incorrect combinations than allowed by the attempt-counter.[19]

In October 2018 Bloomberg reported that an attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America's technology supply chain.[20]

Countermeasures

Skorobogatov has developed a technique capable of detecting malicious insertions into chips.[10]

New York University Tandon School of Engineering researchers have developed a way to corroborate a chip's operation using verifiable computing whereby "manufactured for sale" chips contain an embedded verification module that proves the chip's calculations are correct and an associated external module validates the embedded verification module.[9] Another technique developed by researchers at University College London (UCL) relies on distributing trust between multiple identical chips from disjoint supply chains. Assuming that at least one of those chips remains honest the security of the device is preserved.[21]

Researchers at the University of Southern California Ming Hsieh Department of Electrical and Computer Engineering and the Photonic Science Division at the Paul Scherrer Institute have developed a new technique called Ptychographic X-ray laminography.[22] This technique is the only current method that allows for verification of the chips blueprint and design without destroying or cutting the chip. It also does so in significantly less time than other current methods. Anthony F. J. Levi Professor of electrical and computer engineering at University of Southern California explains “It’s the only approach to non-destructive reverse engineering of electronic chips—[and] not just reverse engineering but assurance that chips are manufactured according to design. You can identify the foundry, aspects of the design, who did the design. It’s like a fingerprint.”[22] This method currently is able to scan chips in 3D and zoom in on sections and can accommodate chips up to 12 millimeters by 12 millimeters easily accommodating an Apple A12 chip but not yet able to scan a full Nvidia Volta GPU.[22] "Future versions of the laminography technique could reach a resolution of just 2 nanometers or reduce the time for a low-resolution inspection of that 300-by-300-micrometer segment to less than an hour, the researchers say."[22]

See also

References

  1. ^ a b c "Rakshasa: The hardware backdoor that China could embed in every computer - ExtremeTech". ExtremeTech. 1 August 2012. Retrieved 22 January 2017.
  2. ^ "Adding Backdoors at the Chip Level". Schneier on Security. 2018-03-26. Retrieved 2024-12-23.
  3. ^ Waksman, Adam (2010), "Tamper Evident Microprocessors" (PDF), Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, archived from the original (PDF) on 2013-09-21, retrieved 2019-08-27
  4. ^ Smith, Craig (2016-03-24). The Car Hacker's Handbook: A Guide for the Penetration Tester. No Starch Press. ISBN 9781593277031. Retrieved 22 January 2017.
  5. ^ Wagner, David (2008-07-30). Advances in Cryptology - CRYPTO 2008: 28th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2008, Proceedings. Springer Science & Business Media. ISBN 9783540851738. Retrieved 22 January 2017.
  6. ^ Mishra, Prabhat; Bhunia, Swarup; Tehranipoor, Mark (2017-01-02). Hardware IP Security and Trust. Springer. ISBN 9783319490250. Retrieved 22 January 2017.
  7. ^ "Hardware-Hack: Backdoor in China-Chips entdeckt?" (in German). CHIP Online. Archived from the original on 2 February 2017. Retrieved 22 January 2017.
  8. ^ "Hackers Could Access US Weapons Systems Through Chip". CNBC. 8 June 2012. Retrieved 22 January 2017.
  9. ^ a b "Self-checking chips could eliminate hardware security issues - TechRepublic". Tech Republic. 31 August 2016. Retrieved 22 January 2017.
  10. ^ a b "Cambridge Scientist Defends Claim That US Military Chips Made In China Have 'Backdoors'". Business Insider. Retrieved 22 January 2017.
  11. ^ Lee, Michael. "Researchers find backdoor on ZTE Android phones". ZDNet. Retrieved 22 January 2017.
  12. ^ Schoen, Douglas E.; Kaylan, Melik (9 September 2014). The Russia-China Axis: The New Cold War and America's Crisis of Leadership. Encounter Books (published 2014). ISBN 9781594037573. Retrieved 2020-05-16. Hardware-encoded backdoors are more threatening than software-encoded ones [...] In October 2012, the U.S. House Permanent Select Committee on Intelligence recommended that U.S. companies avoid hardware made by Chinese telecom giants Huawei and ZTE, saying that its use constitutes a risk to national security. Huawei and ZTE manufacture network hardware for telecommunications systems.
  13. ^ "Researchers find new, ultra-low-level method of hacking CPUs - and there's no way to detect it - ExtremeTech". ExtremeTech. 16 September 2013. Retrieved 22 January 2017.
  14. ^ "Photos of an NSA "upgrade" factory show Cisco router getting implant". Ars Technica. 2014-05-14. Retrieved 22 January 2017.
  15. ^ "NSA's Secret Toolbox: Unit Offers Spy Gadgets for Every Need". Der Spiegel. SPIEGEL ONLINE. 30 December 2013. Retrieved 22 January 2017.
  16. ^ "Your USB cable, the spy: Inside the NSA's catalog of surveillance magic". Ars Technica. 2013-12-31. Retrieved 22 January 2017.
  17. ^ Greenberg, Andy (June 2016). "This 'Demonically Clever' Backdoor Hides In a Tiny Slice of a Computer Chip". WIRED. Retrieved 22 January 2017.
  18. ^ Storm, Darlene (2016-06-06). "Researchers built devious, undetectable hardware-level backdoor in computer chips". Computerworld. Retrieved 22 January 2017.
  19. ^ "Hardware hack defeats iPhone passcode security". BBC News. 19 September 2016. Retrieved 22 January 2017.
  20. ^ Robertson, Jordan; Riley, Michael (4 October 2018). "The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies". Bloomberg. Retrieved 2022-03-06.
  21. ^ Vasilios Mavroudis; et al. "A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components" (PDF). backdoortolerance.org. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security.
  22. ^ a b c d Moore, Samuel (2019-10-07). "X-Ray Tech Lays Chip Secrets Bare". IEEE Spectrum: Technology, Engineering, and Science News. Retrieved 2019-10-08.

Further reading

  • Krieg, Christian; Dabrowski, Adrian; Hobel, Heidelinde; Krombholz, Katharina; Weippl, Edgar (2013). Hardware malware. [S.l.]: Morgan & Claypool. ISBN 9781627052528.

Read other articles:

Bandar Udara Rinas Nënë Tereza

Bandar Udara Internasional Tirana Bunda TeresaAeroporti Ndërkombëtar i Tiranës Nënë TerezaIATA: TIAICAO: LATIInformasiJenisUmumPengelolaTirana International Airport SHPK (bagian dari Hochtief Airport)LokasiRinas, Distrik Krujë, Durrës County, AlbaniaKetinggian dpl33 mdplSitus webwww.tirana-airport.comPetaTIAlokasi bandara di AlbaniaLandasan pacu Arah Panjang Permukaan m kaki 18/36 2,750 9,022 Aspal Statistik (2012)Penumpang1,665,331Perubahan penumpang 11-128.8%Pergerakan pesa...

 

Dewan Perwakilan Rakyat Daerah Kota Tasikmalaya

Dewan Perwakilan Rakyat DaerahKota Tasikmalaya ᮓᮦᮝᮔ᮪ ᮕᮀᮝᮊᮤᮜ᮪ ᮛᮠᮚᮒ᮪ ᮓᮆᮛᮂ ᮊᮧᮒ ᮒᮞᮤᮊ᮪ᮙᮜᮚDéwan Pangwakil Rahayat Daérah Kota TasikmalayaDewan Perwakilan RakyatKota Tasikmalaya2019-2024JenisJenisUnikameral SejarahSesi baru dimulai3 September 2019PimpinanKetuaH. Aslim, S.H. (Gerindra) sejak 3 Oktober 2019 Wakil Ketua IH. Agus Wahyudin, S.H., M.H. (PPP) sejak 3 Oktober 2019 Wakil Ketua IIH. Muslim, S.Sos., M.Si. (PDI-P) sej...

 

Akses internet

InternetSebuah visualisasi Opte Project dari jalur routing melalui sebagian dari Internet Umum Akses Penyensoran Demokrasi Kesenjangan digital Hak digital Kebebasan informasi Sejarah Internet Fenomena Internet Kenetralan Internet Perintis Privasi Sosiologi Penggunaan Tata kelola ICANN Internet Engineering Task Force Internet Governance Forum Internet Society Infrastruktur informasi Domain Name System Hypertext Transfer Protocol Titik sambung Internet Internet Protocol Internet protocol suite ...

اللغة البورمية

يفتقر محتوى هذه المقالة إلى الاستشهاد بمصادر. فضلاً، ساهم في تطوير هذه المقالة من خلال إضافة مصادر موثوق بها. أي معلومات غير موثقة يمكن التشكيك بها وإزالتها. (يونيو 2023) اللغة البورمية الاسم الذاتي (بالبورمية: မြန်မာဘာသာစကား)‏(بالبورمية: မြန်မာဘာသာ)‏  الناطق...

 

Calibre (arme à feu)

Si ce bandeau n'est plus pertinent, retirez-le. Cliquez ici pour en savoir plus. Certaines informations figurant dans cet article ou cette section devraient être mieux reliées aux sources mentionnées dans les sections « Bibliographie », « Sources » ou « Liens externes » (juin 2023). Vous pouvez améliorer la vérifiabilité en associant ces informations à des références à l'aide d'appels de notes. Pour les articles homonymes, voir Calibre. Projectile...

 

Синелобый амазон

Синелобый амазон Научная классификация Домен:ЭукариотыЦарство:ЖивотныеПодцарство:ЭуметазоиБез ранга:Двусторонне-симметричныеБез ранга:ВторичноротыеТип:ХордовыеПодтип:ПозвоночныеИнфратип:ЧелюстноротыеНадкласс:ЧетвероногиеКлада:АмниотыКлада:ЗавропсидыКласс:Пт�...

Diahann Carroll

Pour les articles homonymes, voir Carroll. Diahann CarrollBiographieNaissance 17 juillet 1935BronxDécès 4 octobre 2019 (à 84 ans)Los AngelesNom de naissance Carol Diahann JohnsonNationalité américaineFormation Université de New YorkHigh School of Music & Art (en)Activités Actrice, mannequin, chanteusePériode d'activité 1954-2019Conjoints Monte Kay (en) (de 1956 à 1963)Vic Damone (de 1987 à 1996)Autres informationsLabel RCA VictorDistinctions Liste détailléeTony Award de...

 

中華民國國軍中的中共間諜列表

 本表是動態列表,或許永遠不會完結。歡迎您參考可靠來源來查漏補缺。 潛伏於中華民國國軍中的中共間諜列表收錄根據公開資料來源,曾潛伏於中華民國國軍、被中國共產黨聲稱或承認,或者遭中華民國政府調查審判,為中華人民共和國和中國人民解放軍進行間諜行為的人物。以下列表以現今可查知時間為準,正確的間諜活動或洩漏機密時間可能早於或晚於以下所歸�...

 

منتوحتب الخامس

تحتاج هذه المقالة كاملةً أو أجزاءً منها إلى تدقيق لغوي أو نحوي. فضلًا ساهم في تحسينها من خلال الصيانة اللغوية والنحوية المناسبة. (يناير 2019) {{{اسم}}}فرعون مصر الألقاب الملكية منتوحتب الخامس، (بالإنجليزية: Mentuhotep V)‏، (المعروف أيضا باسم منتوحتب سيوادجاري، أو منتوحتب السادس حسب �...

Sofa

Untuk perangkat lunak statistika, lihat SOFA. Artikel ini tidak memiliki referensi atau sumber tepercaya sehingga isinya tidak bisa dipastikan. Tolong bantu perbaiki artikel ini dengan menambahkan referensi yang layak. Tulisan tanpa sumber dapat dipertanyakan dan dihapus sewaktu-waktu.Cari sumber: Sofa – berita · surat kabar · buku · cendekiawan · JSTOR Sofa seseorang dari Brasil Sofa secara umum dapat diartikan sebagai kursi panjang yang memiliki leng...

 

Ottobrunn

Ottobrunn. Ottobrunn adalah kota yang terletak di distrik München di Bayern, Jerman. Kota Ottobrunn memiliki luas sebesar 5.53 km². Ottobrunn pada tahun 2006, memiliki penduduk sebanyak 19.707 jiwa. lbsKota dan kotamadya di distrik München Aschheim Aying Baierbrunn Brunnthal Feldkirchen Garching bei München Gräfelfing Grasbrunn Grünwald Haar Hohenbrunn Höhenkirchen-Siegertsbrunn Ismaning Kirchheim bei München Neubiberg Neuried Oberhaching Oberschleißheim Ottobrunn Planegg Pullac...

 

German football league system

For a historical overview of the (West) German football league system, see History of the German football league system. For the league system of former East Germany, see East German football league system. For the women's league system, see Women's football in Germany. Hierarchically interconnected league system for association football in Germany German football league systemCountryGermanySportAssociation footballPromotion and relegationYesNational systemFederationGerman Football Associatio...

Riding with the King (John Hiatt album)

This article is about the John Hiatt album. For the King/Clapton album, see Riding with the King (B. B. King and Eric Clapton album). 1983 studio album by John HiattRiding with The KingStudio album by John HiattReleased1983StudioThe Pen, San FranciscoEden Studios, LondonGenreRockLength42:05LabelGeffenProducerScott Mathews, Ron Nagle, Nick LoweJohn Hiatt chronology All of a Sudden(1982) Riding with The King(1983) Warming Up to the Ice Age(1985) Professional ratingsReview scoresSourceRa...

 

G. Samuel

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages) The topic of this article may not meet Wikipedia's notability guideline for biographies. Please help to demonstrate the notability of the topic by citing reliable secondary sources that are independent of the topic and provide significant coverage of it beyond a mere trivial mention. If notability cannot be shown, the article is likely to be...

 

Malibu, California

MalibuFoto dari udara tentang Malibu LambangJulukan: The BU[butuh rujukan]Lokasi Malibu di Los Angeles County, CaliforniaNegara Amerika SerikatNegara bagian CaliforniaCountyLos AngelesIncorporated (city)28 Maret 1991 (1991-03-28)[1]Pemerintahan • Wali kotaJohn Sibert[2]Luas[3] • Total19,828 sq mi (51,354 km2) • Luas daratan19,785 sq mi (51,242 km2) • Luas perairan0...

Gläserner Bär

Der Gläserne Bär ist ein Kinder- und Jugendfilmpreis, der seit 1994 jährlich bei den Berliner Filmfestspielen von einer Kinder- und einer Jugendjury vergeben wird. Vorläufer war von 1986 bis 1993 der Preis der Kinderjury, den zunächst jährlich nur ein Film erhielt. Ab 1992 wurden jeweils ein Spielfilm und ein Kurzfilm für diesen Preis ausgewählt. 1994 erfolgte in Analogie zu den übrigen Preisen der Berlinale die Umbenennung des Preises in Gläserner Bär. 2004 wurden für jedes Jahr ...

 

نادي بتروجيت موسم 2010–11

  هذه المقالة عن نادي بتروجيت موسم 2010-2011. لنادي بتروجيت الرياضي بشكل عام، طالع نادي بتروجيت. نادى بتروجيت الرياضى موسم 2010-2011 رئيس النادي : أحمد رضا مرسي المدير الفني : حلمي طولان بطولات الموسم الدوري المصري الممتاز المركز السادس كأس مصر دور ال16 هداف الفريق الموسم...

 

Englewood Cliffs

Questa voce sull'argomento centri abitati del New Jersey è solo un abbozzo. Contribuisci a migliorarla secondo le convenzioni di Wikipedia. Segui i suggerimenti del progetto di riferimento. Englewood Cliffsborough(EN) Englewood Cliffs, New Jersey Englewood Cliffs – Veduta LocalizzazioneStato Stati Uniti Stato federato New Jersey ConteaBergen TerritorioCoordinate40°52′57″N 73°57′09″W40°52′57″N, 73°57′09″W (Englewood Cliffs) Altitudine97 m s.l....

2012年夏季奥林匹克运动会男子足球比赛名单

球员 2012年夏季奧林匹克運動會足球比賽 賽事 男子  女子 名单 男子  女子 该条目列出了在伦敦举行的2012年夏季奥林匹克运动会男子足球比赛决赛阶段的各国代表团参赛球员名单。每支球队必须为18名球员组成,其中包括15名在1989年1月1日之后出生的球员和3名无年龄限制的球员。[1]球队中至少包含2名守门员,其中最多只有一名守门员可使用无年龄限�...

 

Raffaele Cotugno

Raffaele Cotugno Deputato del Regno d'ItaliaLegislaturaXXIII, XXIV, XXVI Incarichi parlamentari XXVI Legislatura Presidente della Commissione di vigilanza sulla biblioteca della Camera Sito istituzionale Dati generaliPartito politicoRadicale Titolo di studioLaurea in Giurisprudenza ProfessioneAvvocato Raffaele Cotugno (Ruvo di Puglia, 21 febbraio 1860 – Ruvo di Puglia, 21 agosto 1937) è stato un politico e scrittore italiano. Indice 1 Biografia 2 Opere 3 Note 4 ...