The Hacker News — Cyber Security, Hacking, Technology News

We have discussed many times in our stories the network of Intelligent devices, their capabilities and the possibilities that cyber criminals could exploit them for illegal activities.

Hidden chips are used by cyber criminals and state-sponsored hackers to infiltrate company networks and organizations for various purposes, to send out spam or for cyber espionage.

The fact has happened in Russia, the State-owned channel Rossiya 24 has showed the images of an electric iron included in a batch of Chinese imports where the operators find a chip used for spying the environment surround.China is planting Microchips practically in every electrical device, as recently it has been discovered that the electric iron and kettles were modified with this technique to launch spam attacks.

The Microchips were equipped with a little microphone and according to the correspondent the component were mostly being used to serve malware and the chips in fact are able to connect any computer within a 200m radius on unprotected Wi-Fi networks.

News agency Rosbalt reports that while the last delivery of appliances were rejected by officials, but tens of devices had already been sent to retailers in St Petersburg.

If you believe that these cases are isolated, then you are completely wrong. Many other common-use products have found to have rogue chips, including gaming console, chargers, network devices, mobile phones and car dashboard cameras.

The discovery is disturbing for many, but not for security experts, and it raises once again the necessity for hardware qualification in both military and civil sectors. I have detailed in various posts the possibility to hide malicious components in the software as in the hardware.

But not only this category of object could be compromised by cyber criminals, devices apparently inanimate and devoid of intelligence like a blender or a flat iron can hide pitfalls.

While in military sector similar incident have triggered a series of initiative to for hardware validation, in large consume products the problem is relevant and approach it is not so simple ... Events like this are the demonstration.

A team of researchers from the U.S. and Europe has developed a Hardware Trojan, which is an undetectable to many techniques, raising the question on need of proper hardware qualification. 

They released a paper on stealthy Dopant-Level Hardware Trojans, showing how integrated circuits used in computers, military equipment and other critical systems can be maliciously compromised during the manufacturing process.

"In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors." states the paper abstract.

The Scientists devised two such backdoors they said adversaries could feasibly build into processors to surreptitiously bypass cryptographic protections provided by the computer running the chips. Instead of adding additional circuitry to the target design, the researchers inserted their hardware Trojans by changing the dopant polarity of existing transistors.

Doping is a process for modifying the electrical properties of silicon by introducing tiny impurities like phosphorous, boron and gallium, into the crystal. By switching the doping on a few transistors, parts of the integrated circuit no longer work as they should. Because the changes happen at the atomic level, the stuff is hard to detect. Their modifications fooled a number of common Trojan testing methods that included optical inspection and checking against golden chips.  

“Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against ‘golden chips,’”

Hardware trojans have been the subject of considerable research since at least 2005 when the U.S. Department of Defense publicly expressed concerns over the military's reliance on integrated circuits manufactured abroad.

The exploitation of a hardware backdoor for cyber espionage purpose has always been the subject of heated debate, intelligence experts have accused in the past Chinese companies to have the ability to remotely access to the communication equipments sold in the United States and Western Countries thanks this kind of attacks.

The paper details how compromise the Intel Ivy Bridge processors pulling off a side channel attack that leaked secret keys from the hardware. 

In the attack of the Ivy Bridge, researchers were able to get their Trojan onto the processor at the sub-transistor level: “Our Trojan is capable of reducing the security of the produced random number from 128 bits to n bits, where n can be chosen,”

“Despite these changes, the modified Trojan RNG passes not only the Built-In-Self-Test (BIST) but also generates random numbers that pass the NIST test suite for random numbers.”