Turing's Man Blog
- Last Updated on Sunday, 11 November 2012 23:51
- Published on Sunday, 11 November 2012 23:45
- Written by Pawel Wawrzyniak
The subject of hardware Trojans, previously introduced in the "Critical infrastructure threats and Trojan technology? Is your data center vulnerable, too?" blog post, still interests me very much. I therefore decided to present additional material on the related issues and threats on Turingsman.net, this time not only in the scope of critical infrastructure and data center security, but also in relation to the typical consumer electronics that all of us use on a daily basis.
Honestly, the possible impact is so big that all the proof-of-concept Trojans presented here should be taken very seriously when we think about risk and security. So this time I would like to recommend the presentation from the DEF CON 16 conference, titled "Demonstration of Hardware Trojans" and given by the University of Delaware crew: Fouad Kiamilev (Dr. K), Ryan Hoover, Ray Delvecchio, Nicholas Waite, Stephen Janansky, Rodney McGee, Corey Lange and Michael Stamat.
First of all, some definitions taken directly from the presentation:
- Hardware Trojan – malicious alteration of hardware that could, under specific conditions, result in functional changes of the system.
- Time Bomb Trojan – disables a system at some future time.
- Data Exfiltration Trojan – leaks confidential information over a secret channel.
As we can see, although these definitions come from the world of hardware Trojans, anyone who knows software Trojans will find them familiar. The idea is the same, so that is nothing strange. I would only like to fight the stereotype that software Trojans are a more serious risk than hardware ones; that is not exactly true. Malicious software is definitely more common than malicious hardware, but on the other hand we are much better prepared when it comes to protecting software. At the same time, once we realize that today it is rather hard to find electronic hardware without a built-in computing device running some kind of software (firmware, let's say), and that most devices around us can easily be connected to a computer network, the picture is almost complete. We have to treat hardware and software security equally: we have to be sure where we buy our equipment, who has access to it and how it is serviced. This holds even if hardware Trojans are something new today and are reported to be rather an emerging market.
Alright, enough thoughts here; time for the presentation. After a very good introduction we can see the following achievements (typical, 100% hardware hacks of regular IT equipment), or types of hardware Trojans:
- An external LED is electrically modulated at a rate undetectable by the human eye.
- The optical signal is sensed using an optical-to-audio amplifier.
- An external resistor is electrically modulated, creating thermal emission.
- The micro-controller or other parts of the circuit are quickly saturated with operations, creating thermal emission.
- The thermal signal is sensed using an IR camera (read: remotely).
- An external I/O pin is modulated, causing radio emission.
- The radio signal is sensed using a radio receiver and post-processing of the received signal on a PC.
DEF CON 16 - Demonstration of Hardware Trojans by University of Delaware group of researchers as presented on SecurityTubeCons
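For the optical case in the list above, an auditor can check whether an indicator LED that looks steady is in fact switching faster than the eye can follow. The sketch below is an added example, not code from the presentation or its authors; the function names, the 100 Hz visibility limit, the sample rate and the sample traces are all assumptions constructed for illustration.

```python
import random
from itertools import groupby

VISIBLE_LIMIT_HZ = 100.0  # assumption: flicker above this is treated as invisible

def classify_led_trace(samples, sample_rate_hz, min_swing=0.2):
    """Classify a light-sensor capture of one indicator LED (hypothetical helper).

    Returns 'steady', 'inconclusive', 'visible-blink', 'periodic-fast'
    (fixed rate and duty, e.g. PWM dimming) or 'irregular-fast' (invisible
    switching with varying on/off times: review what drives this LED).
    """
    lo, hi = min(samples), max(samples)
    if hi - lo < min_swing:                 # sensor noise only, no on/off swing
        return "steady"
    mid = (lo + hi) / 2.0
    levels = [s > mid for s in samples]
    # Lengths of runs of identical level; the first and last runs are cut off
    # by the capture window, so they are dropped.
    runs = [(lv, sum(1 for _ in grp)) for lv, grp in groupby(levels)][1:-1]
    if len(runs) < 4:
        return "inconclusive"               # capture too short to judge a rate
    duration_s = sum(n for _, n in runs) / sample_rate_hz
    toggle_hz = len(runs) / (2.0 * duration_s)   # two runs per on/off cycle
    if toggle_hz < VISIBLE_LIMIT_HZ:
        return "visible-blink"
    for level in (True, False):
        lengths = [n for lv, n in runs if lv == level]
        if max(lengths) - min(lengths) > 1:  # allow one sample of jitter
            return "irregular-fast"
    return "periodic-fast"

def constructed_traces(rate=10_000):
    """One second of constructed samples per case (not measured data)."""
    rng = random.Random(16)
    noise = lambda: rng.uniform(-0.02, 0.02)
    keyed = [rng.random() < 0.5 for _ in range(rate // 5)]
    return {
        "steady": [1.0 + noise() for _ in range(rate)],
        "blink": [float((i // 500) % 2 == 0) + noise() for i in range(rate)],
        "pwm": [float(i % 10 < 3) + noise() for i in range(rate)],
        "keyed": [float(keyed[i // 5]) + noise() for i in range(rate)],
    }

if __name__ == "__main__":
    for name, trace in constructed_traces().items():
        print(name, classify_led_trace(trace, 10_000))
```

An `irregular-fast` result is a reason to look at what drives the LED, not a verdict: ordinary disk or network activity LEDs also switch irregularly.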
To summarize, let's repeat once again that although hardware Trojans are a new and emerging threat, the systems at risk today include military systems, financial systems and even household appliances. Hence we come back to the idea from the beginning: the possible impact is so big that it covers almost every area of our lives. We just can't ignore the risk.
Now we should think twice about our data center security: from procurement of hardware, software and services, through physical security and access control, to maintenance work, contracts and service management. Security is not something that can be achieved once and for all!
A short summary by the authors can be found here.