Jump to content
  • CSGO
    WARNIGHTZM
    179.61.132.128:27015
    ACTIVITY STATUS

    Owner

    semir21

[Hardware] When cyber-attacks target hardware


[Depo] @ Cselites.com

Recommended Posts

adobestock_267037643_72dpi.thumb.jpg.8e0c93d28a1f919c1c733dacecc947c2.jpg
Hackers and researchers are taking increasing interest in hardware attacks on electronic devices. These attacks can circumvent security protocols, track Internet users, or simply destroy machines.
The notion of cyber-attack usually brings to mind a virus meandering through lines of code.   The assumption that these threats essentially involve software programs attacking other software programs is nevertheless reductive. Software functions thanks to a series of electronic components known as hardware. This includes the chip in a motion sensor that automatically turn on lights, as well as the dozens of cutting-edge processors found in a supercomputer.

Why (and how to) target hardware?
There are two typical scenarios. Side-channel attacks are a way of circumventing a software program's cryptographic security protocols , which are based on mathematical problems considered too complex to be resolved by those who do not have the key. Instead of cracking them, the attacker analyses how the hardware functions from its power consumption or its computation time during the execution of these algorithms, in an effort to break their secrets.

The other major category includes differential fault analysis, which induces faults within the hardware in order to block the computer system, for instance by making it heat up beyond its limits. In both cases, the purpose is generally to retrieve information rather than to destroy a device. 

“These attacks were initially designed to steal the banking data on our chip cards,” points out Lilian Bossuet, a professor at Université Jean Monnet Saint-Étienne (southeastern France), and a member of the Hubert Curien laboratory.1 “These approaches are currently being applied to mobile phones, whose circuits are poorly protected. The situation is even worse for the Internet of things, where devices are omnipresent and barely secured, if at all.” Whether they target hardware or software, cyber-attacks exploit weaknesses, which cybersecurity researchers are seeking to correct before they are discovered by ill-intentioned individuals. 

However, while a few lines of code can sometimes be enough to resolve a software's flaws, changing hardware is far more difficult. This is yet another reason to attack it, for while software is updated regularly, a computer's components may remain unchanged for many years, and replacing them each time there is a new threat would generate massive costs.

The Internet of things as a way in
“In general, there are two types of hardware attacks,” explains Clémentine Maurice, a CNRS researcher at the CRIStAL laboratory.2 “Some are carried out by hardware on hardware, and others on hardware by software. It is the latter, in addition to side-channel attacks, that I am particularly interested in.”

Attacks also take advantage of the fact that electronic devices are increasingly connected. While efforts have been made to protect computers, this is not necessarily the case for the other appliances connected to them. The presence of communicating objects with antennas is an additional weakness, as some attacks could be conducted from a few dozen metres away. “Systems are more and more complex and connected, and have to contend with increasingly twisted attack paths,” adds Bossuet. “The point of entry into a system, which is generally the least secured part, is not necessarily the ultimate target of an attack.” By way of example the researcher cites Stuxnet, a virus probably designed by US and Israeli services,

which made its way into the Iranian nuclear programme in 2010.

Making hardware talk and ultimately break
Attacks on hardware by software often occur via the web browser, which executes a script in a programming language such as JavaScript. There is no need to download or install a dubious program, as such an attack can simply take place by clicking on a malicious website. “In hardware on hardware side-channel attacks, power consumption and electromagnetic fields provide clues regarding the hardware's activity,” says Maurice. “One can identify when it is carrying out cryptography activities, and strike at the right time in order to retrieve encryption keys.”

 

Link: https://news.cnrs.fr/articles/when-cyber-attacks-target-hardware

Link to comment
Share on other sites

  • SnO locked this topic
Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.