Ivy Bridge hardware trojan is nearly impossible to detect

By on September 19, 2013, 7:30 AM

A group of researchers from Europe and the US has demonstrated what they are calling a hardware trojan attack on Intel’s third generation Ivy Bridge processor. The trojan is also very difficult to detect, as it gets past the chip’s built-in self test as well as the National Institute of Standards and Technology’s tests for random number generators.

It’s all a bit complicated, but the researchers change the dopant polarity of individual transistors on the chip to weaken its random number generator. This reduces the random number generator’s entropy from 128 bits to just 32 bits.

This makes cryptographic keys much easier to predict, and it seems they only need to alter the dopant masks of “a few” of the 1.4 billion transistors on the chip to be successful. Since only a few are altered, the change is difficult to notice among the mass of other transistors. What’s more, the researchers claim the hardware trojan can’t be exposed using optical reverse engineering because the chip’s circuitry remains unchanged.

The researchers have published a paper on their findings but if you’d prefer to skip the in-depth details, you’d be forgiven. It is worth mentioning, however, that they haven’t found any hardware trojans in the wild yet. The proof-of-concept does show that Ivy Bridge is vulnerable to hardware-level attacks that could be virtually impossible to detect.
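Added example (not from the article or the researchers' paper): a simplified software model of why statistical tests on a generator's output do not reveal reduced entropy. It assumes SHA-256 as a stand-in for the generator's conditioning step, a seeded PRNG as a stand-in for the noise source, and a constructed constant `FIXED_STATE`; it does not model Intel's actual circuit.

```python
import hashlib
import math
import random

# Constructed 128-bit constant: the state bits the model treats as stuck.
FIXED_STATE = 0x0123456789ABCDEF0123456789ABCDEF

def condition(state: int) -> bytes:
    """Stand-in conditioner (assumption): SHA-256 of the state, cut to 128 bits."""
    return hashlib.sha256(state.to_bytes(16, "big")).digest()[:16]

def sample_outputs(count: int, entropy_bits: int, seed: int = 2013) -> list:
    """Return `count` 128-bit outputs from a state with `entropy_bits` random bits."""
    noise = random.Random(seed)  # simulated noise source, seeded so runs repeat
    mask = (1 << entropy_bits) - 1
    stuck = FIXED_STATE & ~mask  # bits outside the mask never change
    return [condition(stuck | noise.getrandbits(entropy_bits)) for _ in range(count)]

def monobit_p_value(data: bytes) -> float:
    """Frequency (monobit) test from NIST SP 800-22; p >= 0.01 is a pass."""
    n = len(data) * 8
    ones = bin(int.from_bytes(data, "big")).count("1")
    return math.erfc(abs(2 * ones - n) / math.sqrt(2 * n))

def repeated_outputs(outputs: list) -> int:
    """How many outputs duplicate an earlier one."""
    return len(outputs) - len(set(outputs))

def report(entropy_bits: int, count: int = 400_000) -> tuple:
    """Monobit p-value and repeat count for `count` outputs."""
    outputs = sample_outputs(count, entropy_bits)
    return monobit_p_value(b"".join(outputs)), repeated_outputs(outputs)

if __name__ == "__main__":
    for bits in (128, 32):  # healthy state vs. the 32 bits the article cites
        p_value, repeats = report(bits)
        print(f"{bits:3d} random state bits: monobit p={p_value:.3f}, repeats={repeats}")
```

In this model the bit-level statistics of the weakened generator look as uniform as the healthy one's; only the repeated outputs across a large sample show that the output space has shrunk.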

User Comments: 14

TheBigFatClown said:

Yikes, I have SandyBridge and IvyBridge CPUs. I wonder if SandyBridge is vulnerable also. This stuff is hard to believe. Amazing what hackers can do.

Guest said:

It would be VERY difficult for any hacker to do this, this was just a simulation, not a demonstration. At the bare minimum they would require access to the physical cpu, then they would have to perform a type of procedure on the cpu's die which would be more complex and more delicate than nano-surgery to access some specific transistors without damaging anything else...then reinstall everything.

There are far easier methods to gain someone's information than that.

Guest said:

It would require access to an electron microscope.

Guest said:

Seems to me it would be easier to just replace the target processor with one that had already been exploited. Thus making this much easier and more practical. Physical security being the easiest to overcome (for the powers that be and/or other parties) isn't a deterrent in most cases.

Guest said:

Finally a way for a virus to infect a Mac. I'm glad I have AMD CPU in my PC.

howzz1854 said:

How is anyone going to break into your house, pop open your pc, take off your heatsink and CPU, and pop open the heatspreader and mess with the transistors?

Guest said:

"Finally a way for a virus to infect a Mac"

--> it's been a while that a mac can be infected too, and you definitely don't need Ivy Bridge hardware trojan to infect a mac..

"I'm glad I have AMD CPU in my PC"

--> doesn't mean your pc can't get infected by regular trojan in the wild, right?

JC713 said:

Wow, this is impressive. Interesting to see the hacking potential in hardware.

cliffordcooley, TechSpot Paladin, said:

"The proof-of-concept does show that Ivy Bridge is vulnerable to hardware-level attacks that could be virtually impossible to detect."
Also makes you (me at least) wonder how the Trojan is implemented.

Would this only be an issue if you purchased from unreliable sources? Sources that could reprogram hardware before passing them to others. If you ask me this would leave a breadcrumb trail a mile wide back to the source.

lipe123 said:

As a hack, this is ridiculous and totally impractical. HOWEVER, potentially you could modify chips and sell them to someone, and then the systems the modified chips get installed in are vulnerable.

But still.. kinda silly

Guest said:

Do you think the RSA believes it is silly?

Guest said:

Nice to know they have optical reverse engineering of chips, because who knows what's inside the "black box" of a chip?

Attermire said:

A nice open door for the NSA there...

Guest said:

This requires a state level actor. Not necessarily the one you're thinking of.
