When cyber-attacks target hardware

Hackers and researchers are taking increasing interest in hardware attacks on electronic devices. These attacks can circumvent security protocols, track internet users, or simply destroy machines.

The notion of cyber-attack usually brings to mind a virus meandering through lines of code. The assumption that these threats primarily involve software programs attacking other software programs is nevertheless reductive. Software functions thanks to a series of electronic components known as hardware. This includes the chip in a motion sensor that automatically turns on lights, as well as the dozens of cutting-edge processors found in a supercomputer.

Why (and how to) target hardware?

There are two typical scenarios. Side-channel attacks are a way of circumventing a software program’s cryptographic security protocols, which are based on mathematical problems considered too complex to be resolved by those who do not have the key. Instead of cracking them, the attacker analyses how the hardware functions from its power consumption or its computation time during the execution of these algorithms, in an effort to break their secrets.

The chips on our bank cards can be targets for data theft, especially during contactless payment.

The other major category includes differential fault analysis, which induces faults within the hardware in order to block the computer system, for instance by making it heat up beyond its limits. In both cases, the purpose is generally to retrieve information rather than to destroy a device.

“These attacks were initially designed to steal the banking data on our chip cards,” points out Lilian Bossuet, a professor at Université Jean Monnet Saint-Étienne (southeastern France), and a member of the Hubert Curien lab. “These approaches are currently being applied to mobile phones, whose circuits are poorly protected. The situation is even worse for the Internet of Things, where devices are omnipresent and barely secured, if at all.” Whether they target hardware or software, cyber-attacks exploit weaknesses, which cybersecurity researchers are seeking to correct before they are discovered by ill-intentioned individuals.

However, while a few lines of code can sometimes be enough to resolve a software’s flaws, changing hardware is far more difficult. This is yet another reason to attack it, for while software is updated regularly, a computer’s components may remain unchanged for many years, and replacing them each time there is a new threat would generate massive costs.

The Internet of Things as a way in

“In general, there are two types of hardware attacks,” explains Clémentine Maurice, a CNRS researcher at the CRIStAL lab. “Some are carried out by hardware on hardware, and others on hardware by software. It is the latter, in addition to side-channel attacks, that I am particularly interested in.”

Attacks also take advantage of the fact that electronic devices are increasingly connected. While efforts have been made to protect computers, this is not necessarily the case for the other appliances connected to them. The presence of communicating elements with antennas is an additional weakness, as some attacks could be conducted from a few dozen metres away. “Systems are more and more complex and connected, and have to contend with increasingly twisted attack paths,” adds Bossuet. “The point of entry into a system, which is generally the least secured part, is not necessarily the ultimate target of an attack.” By way of example the researcher cites Stuxnet, a virus probably designed by US and Israeli services, which made its way into the Iranian nuclear programme in 2010.

Making hardware talk and ultimately break

Attacks on hardware by software often occur via the web browser, which executes a script in a programming language such as JavaScript. There is no need to download or install a dubious program, as such an attack can simply take place by clicking on a malicious website. “In hardware on hardware side-channel attacks, power consumption and electromagnetic fields provide clues regarding the hardware’s activity,” says Maurice. “One can identify when it is carrying out cryptography activities, and strike at the right time in order to retrieve encryption keys.”

Some attacks are based on coded scripts, such as JavaScript here.

In particular, there is a fault attack called Rowhammer.js that gains access to a computer’s entire physical memory by provoking electric charge transfers. The Rowhammer.js principle is frequently compared to hammering on a door that is of no interest until the vibrations resonate and open the entrance that is actually being targeted. While it is easy to imagine information technology as being entirely virtual and dematerialised, it is nevertheless based on electronic components that function using entirely concrete physical phenomena. “Electricity consumption and photonic emissions provide information regarding transistor activity,” states Bossuet. “We know that they consume the most power when they change state, in other words when they are processing information. Sometimes it is even possible to directly read the succession of 1s and 0s on an oscilloscope.” And if that is not enough, various artificial intelligence techniques can decipher this information with even greater precision.
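An added example (not from the original article) of why the operation sequence leaks, as in the side-channel description earlier and the remark above about reading 1s and 0s from a trace: a square-and-multiply exponentiation whose multiplies follow the key bits, beside a Montgomery ladder that does the same work for every bit. The function names, 32-bit key and modulus are assumptions for illustration, and the operation counters only model what a power or timing trace would show.

```c
#include <stdint.h>
#include <stdio.h>

/* Operation counts stand in for what a power or timing trace exposes. */
typedef struct { unsigned squares, multiplies; } trace_t;

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (a % m) * (b % m) % m;          /* no overflow while m < 2^32 */
}

/* Leaky square-and-multiply: the multiply runs only for key bits set to 1,
 * so the operation sequence mirrors the secret exponent bit by bit. */
uint64_t modexp_leaky(uint64_t base, uint32_t key, uint64_t m, trace_t *t) {
    uint64_t r = 1 % m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m); t->squares++;
        if ((key >> i) & 1) { r = mulmod(r, base, m); t->multiplies++; }
    }
    return r;
}

/* Swap a and b when mask is all ones, leave them when it is zero: no branch. */
static void cswap(uint64_t *a, uint64_t *b, uint64_t mask) {
    uint64_t x = (*a ^ *b) & mask;
    *a ^= x; *b ^= x;
}

/* Montgomery ladder: one multiply and one square per key bit, whatever
 * the bit's value, so the operation sequence no longer depends on the key. */
uint64_t modexp_ladder(uint64_t base, uint32_t key, uint64_t m, trace_t *t) {
    uint64_t r0 = 1 % m, r1 = base % m;
    for (int i = 31; i >= 0; i--) {
        uint64_t mask = 0 - (uint64_t)((key >> i) & 1);
        cswap(&r0, &r1, mask);
        r1 = mulmod(r0, r1, m); t->multiplies++;
        r0 = mulmod(r0, r0, m); t->squares++;
        cswap(&r0, &r1, mask);
    }
    return r0;
}

int main(void) {
    const uint32_t keys[] = { 0x80000001u, 0xFFFFFFFFu };  /* constructed keys */
    for (int k = 0; k < 2; k++) {
        trace_t a = {0, 0}, b = {0, 0};
        uint64_t x = modexp_leaky(7, keys[k], 1000000007u, &a);
        uint64_t y = modexp_ladder(7, keys[k], 1000000007u, &b);
        printf("key %08x: leaky %u mult, ladder %u mult, same=%d\n",
               (unsigned)keys[k], a.multiplies, b.multiplies, x == y);
    }
}
```

With the leaky version the multiply count equals the number of 1 bits in the key; the ladder reports 32 multiplies and 32 squares for both keys while returning the same results.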

Identifying users thanks to their chips

To explore these physical vulnerabilities even further, Bossuet’s SESAM team targeted components using a four-laser platform created by the ALPhANOV company, of which the CNRS is a founding member. Researchers successfully modified bits of information during the execution of a program, changing instructions and values. Systems are then extremely exposed. Hardware has other shortcomings, and is especially targeted for fingerprinting. This concept involves identifying internet users, often without their knowledge. It is not necessarily a matter of revealing their identity, but of recognising those who return to a website, seeing their activity before they visit, etc. The most well-known digital fingerprints are cookies, which often use IP addresses. While these elements are related to software, hackers and researchers realised that the same could be done with hardware.

ALPhANOV four-spot laser station, used to materially modify bits of information during the execution of a program.

Maurice’s Spirals team has developed, with Ben-Gurion University of the Negev (Israel), a fingerprinting technique named DrawnApart, which is based on a graphics processing unit (GPU). “We can distinguish between two GPUs of the same brand and model using the same operating system,” indicates Maurice. “With software fingerprinting, we start from scratch each time the user updates their browser. But here we can track them as long as they keep the same GPU, which probably will not be changed for a number of years.” How long the traces are kept is a key parameter, as there is little interest in following a user’s navigation for a brief period of time.

DrawnApart functions by using JavaScript code executed by an internet browser. The program forces the GPU to simulate drawing points in space in three dimensions. By compiling sufficiently precise statistics for this task, DrawnApart can identify tiny details specific to each chip. Although this technique can be thwarted by blocking Java or WebGL scripts, this deprives the user of legitimate functionalities that are based on these two technologies. For example, the content of numerous web pages will appear disorganised, and some media such as videos cannot be played.

Researchers from the Hubert Curien lab have also taken an interest in device fingerprinting. “We're studying physical unclonable functions, microelectronic ‘fingerprints’ that use tiny differences between transistors in normally identical circuits,” details Bossuet. “By measuring these differences, we can track the hardware, but also target a particular circuit during an attack.” This approach was initially developed to fight counterfeiting and theft of integrated circuits. Cybersecurity nevertheless prevailed, especially in detecting when a circuit is performing cryptographic computations, thereby revealing when to attack them.

Integrated circuits beneath an electromagnetic probe for the analysis of device “fingerprinting”.

How can such threats be fended off? “In trying to illustrate our work, we realised that security solutions are fairly similar to barrier gestures,” observes Bossuet. “For reasons of performance, numerous processors have cache memory zones, where they can store information that subsequently becomes vulnerable. We must think up new architectures that physically isolate critical information. However, enhancing security necessarily has a cost. While it is accepted for banking or military applications, it will be more difficult to bear for conventional or domestic uses.”

original content at: news.cnrs.fr/essentialisms/when-cyber-attacks-target-hardware…