Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malicious Hardware Hacking May Be the Next Frontier

Posted by CmdrTaco on from the i-hide-it-in-my-pocket dept.

An anonymous reader writes "It's a given that hackers will target software, and that's enough for many people to worry about. But now there's the possibility that hackers would hide malicious code in the hardware itself. A hardware hack could be an annoyance, by stopping a mobile phone from functioning. Or it could be more dangerous, if it damages the way a critical system operates. Villasenor says there are several types of attacks. Broadly they would fall into two categories: one is when a block stops a chip from functioning, while the other involves shipping data out."

11 of 146 comments (clear)

  1. Re:We Certainly May! by natehoy · · Score: 3, Funny

    Then again, July not.

    --
    "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
  2. Re:Uhm? by Anonymous Coward · · Score: 5, Funny

    I think somebody accidentally the headline.

  3. [Insert scary possibility] by betterunixthanunix · · Score: 4, Insightful

    "A hardware hack could do [bad thing] or even [really bad thing]!" What about, "A hardware hack could free users from restriction systems?" or perhaps "A hardware hack could allow a mechanic to work on a transmission that was locked down by the manufacturer?"

    --
    Palm trees and 8
  4. Re:lolwut? by 0racle · · Score: 5, Funny

    Someone accidentally the whole thing.

    --
    "I use a Mac because I'm just better than you are."
  5. Ahem... by Anonymous Coward · · Score: 4, Funny

    May. The Next Frontier. These are the failures of the Slashdot Editors. Their ongoing mission: To explore strange new URLs, to seek out new memes and new trending topics. To boldly fail where no man has failed before!

  6. Re:CPLD? by betterunixthanunix · · Score: 5, Interesting

    People have been hacking hardware for a really long time, longer than they have been hacking software. My security engineering textbook lists a number of hardware hacks that were used for espionage, particularly side channel attacks and other signals intelligence. Creating hardware trojan horses is an old trick; you might even say it dates back as far as the Trojan war.

    --
    Palm trees and 8
  7. Uhhh... by The+MAZZTer · · Score: 4, Insightful

    Most of the defenses involve adding a kind of "policing" function to the chip's architecture. For example, one could design a block that would monitor the behavior of other blocks and make sure they fit certain patterns. If another block misbehaves, it would be "quarantined" and the monitoring hardware would take over the now-missing functions.

    Yeah, THAT sounds practical. The article author watches/reads too much science fiction.

  8. Hackors by kaoshin · · Score: 3, Funny

    I think it is possible that could hide malicious code in the. It could even potentially words from sentences. In Soviet Russia you.

  9. Re:lolwut? by Hijacked+Public · · Score: 5, Funny

    It may finally answer who was phone though. Hackers was phone.

    --
    "Sacrifice for the good of The State" - The State
  10. Re:Uhm? by Sloppy · · Score: 4, Funny

    In Soviet Russia, you!

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  11. Hardware is traceable, software is not by timholman · · Score: 4, Interesting

    Disclaimer: I've been involved in some research in verification of ASICs to uncover trojan hardware. Frankly, I think the threat of hardware hacks tends to be overblown.

    The problem with planting Trojan circuits in hardware is that they're traceable. Given a compromised chip, you can locate the manufacturer and the fab it came from, and work backwards to the people who had access to the layout. It would be a financial and P.R. disaster for any third party vendor that allowed such a thing to happen. Who would ever trust them again with a design? These companies want to make money, and allowing government or criminal organizations to compromise the manufacturing process is too big a risk.

    On top of that, using a hardware hack is equivalent to firing a shotgun into a swarm of gnats. How can you know that a hacked chip is going to make it into a box that just might happen to be used by a competitor you care about? It's an insane risk with a ridiculously small hope of payoff.

    The way to compromise systems is the way that has worked extremely well so far - via software. You can target the attack, you can cover your tracks, and you have plausible deniability if you're caught. If you bribe someone inside the organization, you can place the software you want right on the machines you care about. And as long as organizations keep using Windows, you'll never run out of attack vectors.