
SoylentNews is people

posted by Fnord666 on Monday October 14 2019, @05:22AM
from the a-little-something-extra dept.

More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks. Apple, Amazon, and Supermicro all vehemently denied the report. The NSA dismissed it as a false alarm. The Defcon hacker conference awarded it two Pwnie Awards, for "most overhyped bug" and "most epic fail." And no follow-up reporting has yet affirmed its central premise.

But even as the facts of that story remain unconfirmed, the security community has warned that the possibility of the supply chain attacks it describes is all too real. The NSA, after all, has been doing something like it for years, according to the leaks of whistle-blower Edward Snowden. Now researchers have gone further, showing just how easily and cheaply a tiny, tough-to-detect spy chip could be planted in a company's hardware supply chain. And one of them has demonstrated that it doesn't even require a state-sponsored spy agency to pull it off—just a motivated hardware hacker with the right access and as little as $200 worth of equipment.


At the CS3sthlm security conference later this month, security researcher Monta Elkins will show how he created a proof-of-concept version of that hardware hack in his basement. He intends to demonstrate just how easily spies, criminals, or saboteurs with even minimal skills, working on a shoestring budget, can plant a chip in enterprise IT equipment to offer themselves stealthy backdoor access. (Full disclosure: I'll be speaking at the same conference, which paid for my travel and is providing copies of my forthcoming book to attendees.) With only a $150 hot-air soldering tool, a $40 microscope, and some $2 chips ordered online, Elkins was able to alter a Cisco firewall in a way that he says most IT admins likely wouldn't notice, yet would give a remote attacker deep control.

"We think this stuff is so magical, but it's not really that hard," says Elkins, who works as "hacker in chief" for the industrial-control-system security firm FoxGuard. "By showing people the hardware, I wanted to make it much more real. It's not magical. It's not impossible. I could do this in my basement. And there are lots of people smarter than me, and they can do it for almost nothing."

Elkins used an ATtiny85 chip, about 5 millimeters square, that he found on a $2 Digispark Arduino board; not quite the size of a grain of rice, but smaller than a pinky fingernail. After writing his code to that chip, Elkins desoldered it from the Digispark board and soldered it to the motherboard of a Cisco ASA 5505 firewall. He used an inconspicuous spot that required no extra wiring and would give the chip access to the firewall's serial port.

-- submitted from IRC


  • (Score: 2) by All Your Lawn Are Belong To Us on Tuesday October 15 2019, @08:37PM (1 child)

    Yeah, you're very right that it's really improbable. And if you're going to go for a design/production level corruption it is far better to integrate it rather than put it in a discrete location where someone hyperknowledgeable and hypercurious might be able to troubleshoot something down. If you've got the knowledge for one you can assemble the knowledge for the other, although that is much easier to do when you've got nation-state level resources to throw at it.

    Looking at the photo one more time it looks like the chip is tapping into one of the ports. (What good it does there I'm not sure). I've had a 5505 in our system but have never cracked the case on one (think it was a 5505 anyway), and I'm not familiar enough to say which one.

    I'd still like to be a fly on the wall at the presentation to get the full story on it. And it does make me wonder what a competing nation-state might achieve, not so much what a David Lightman might achieve.

    --
    This sig for rent.
  • (Score: 2) by All Your Lawn Are Belong To Us on Tuesday October 15 2019, @08:38PM

    Meh, not familiar enough to say which port it might be tapped into was what I meant.

    --
    This sig for rent.