The Hacker News - Cybersecurity News and Analysis: Hardware Trojan

Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks. Known for years, Direct memory access (DMA)-based attacks let an attacker compromise a targeted computer in a matter of seconds by plugging-in a malicious hot plug device—such as an external network card, mouse, keyboard, printer, storage, and graphics card—into Thunderbolt 3 port or the latest USB-C port . The DMA-based attacks are possible because Thunderbolt port allows connected peripherals to bypass operating system security policies and directly read/write system memory that contains sensitive information including your passwords, banking logins, private files, and browser activity. That means, simply plugging in an infected device, created using tools like Interception , can manipulate the contents o

We have discussed many times in our stories the network of Intelligent devices , their capabilities and the possibilities that cyber criminals could exploit them for illegal activities. Hidden chips are used by cyber criminals and state-sponsored hackers to infiltrate company networks and organizations for various purposes, to send out spam or for cyber espionage . The fact has happened in Russia, the State-owned channel Rossiya 24 has showed the images of an electric iron included in a batch of Chinese imports where the operators find a chip used for spying the environment surround. China is planting Microchips practically in every electrical device, as recently it has been discovered that the  electric iron  and kettles were modified with this technique to launch spam attacks. The Microchips were equipped with a little microphone and according to the correspondent the component were mostly being used to serve malware and the chips in fact are able to connect any co

Three men allegedly installed Credit Card Skimming keylogger at into cash registers in a Nordstrom department store in the Florida. Those Keyloggers were connected via a keyboard cord between the keyboard and the computer to intercept the information transmitted between the two devices and Furthermore, the gang used the connectors designed to resemble common PS2 cables. Krebs has indicated  on his blog that such keyloggers can be easily obtained online for about $40 only. Placing such a devices would have allowed criminals access to data for anyone applying for a Nordstrom credit card , plus any numbers typed in via the keyboard.  In order to collect the captured data, criminals have to return back after few days to collect the keylogger from store. But at this time it is unknown if the men ever returned to the store in order to retrieve the keyloggers and Nordstrom are unaware of any arrests being made. An alert circulated by the police department in Avent

A team of researchers from the U.S. and Europe has developed a Hardware Trojan , which is an undetectable to many techniques, raising the question on need of proper hardware qualification.  They  released a paper on stealthy Dopant-Level Hardware Trojans, showing how integrated circuits used in computers, military equipment and other critical systems can be maliciously compromised during the manufacturing process. " In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. " states the paper abstract. The Scientists devised two such backdoors they said adversaries could feasibly build into processors to surreptitiously bypass cryptographic protections provided by the computer running the chips