Ivy Bridge hardware trojan is nearly impossible to detect

Shawn Knight


A group of researchers hailing from Europe and the US have successfully demonstrated what they are calling a hardware trojan attack on Intel’s third-generation Ivy Bridge processor. It’s also very difficult to detect, as the modified chip still passes its built-in self test as well as the National Institute of Standards and Technology’s tests for random number generators.

It’s all a bit complicated, but the researchers’ technique changes the dopant polarity of individual transistors on the chip to weaken its random number generator. With that change they are able to reduce the random number generator’s entropy from 128 bits to just 32 bits.

This makes cryptographic keys much easier to predict and it seems they only need to alter the dopant masks of “a few” of the 1.4 billion transistors on the chip to be successful. Since only a few are altered, it becomes difficult to notice among the mass of other transistors. What’s more, the researchers claim the hardware trojan can’t be exposed using optical reverse engineering due to the fact the chip’s circuitry remains unchanged.
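The following is an added illustration, not code from the article or the researchers, of the two points above: a generator whose seed retains only a small number of unknown bits still produces output that passes a statistical test such as NIST’s frequency (monobit) test, yet its keyspace can be searched outright, and mixing the hardware output with an independent entropy source (as an OS entropy pool does) takes that shortcut away. The hash-based DRBG, the constant `FIXED_PART`, the per-boot value `0xBEEF` and the scaled-down 16-bit search are all constructed assumptions; the real figures from the article are 128 bits honest versus 32 bits after the trojan.

```python
"""Toy model: a DRBG whose seed the trojan has mostly pinned to a constant.
Constructed for illustration; not the Ivy Bridge RNG, the NIST suite, or the
paper's code."""
import hashlib
import math
import os
import struct

SEED_BYTES = 16                # honest seed: 128 bits of entropy
TROJAN_BITS = 32               # entropy left after the trojan, per the article
DEMO_BITS = 16                 # scaled down so the search below finishes in seconds
FIXED_PART = bytes(range(16))  # constructed: the seed bits the trojan pins to a constant


def drbg_stream(seed: bytes, nbytes: int) -> bytes:
    """Hash-DRBG stand-in: SHA-256(seed || counter) in counter mode.
    The output looks random whatever the seed is; only the seed's
    unpredictability protects the keys derived from it."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:nbytes])


def trojaned_seed(unknown: int, unknown_bits: int) -> bytes:
    """Trojan model: every seed bit except the low `unknown_bits` is forced to a
    constant the attacker knows, so only `unknown` varies between boots."""
    if not 0 <= unknown < (1 << unknown_bits):
        raise ValueError("unknown exceeds its bit width")
    width = (unknown_bits + 7) // 8
    return FIXED_PART[:SEED_BYTES - width] + unknown.to_bytes(width, "big")


def monobit_p_value(data: bytes) -> float:
    """NIST SP 800-22 frequency (monobit) test; p >= 0.01 counts as a pass.
    It only measures the balance of ones and zeros, so a pseudorandom stream
    from a low-entropy seed passes just like a genuinely random one."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def recover_unknown(observed: bytes, unknown_bits: int):
    """Risk quantification: with the pinned bits known, the remaining seed
    bits fall to a search over 2**unknown_bits candidates whose output is
    compared with an observed stream. Returns the candidate or None."""
    for cand in range(1 << unknown_bits):
        if drbg_stream(trojaned_seed(cand, unknown_bits), len(observed)) == observed:
            return cand
    return None


def mixed_output(hw_bytes: bytes, independent: bytes, nbytes: int) -> bytes:
    """Mitigation: hash the hardware RNG output together with an independent
    source (interrupt timing, another device, a saved seed) before use, as an
    OS entropy pool does. Enumerating the hardware state alone then matches
    nothing, because the independent input is still unknown."""
    return drbg_stream(hashlib.sha256(hw_bytes + independent).digest(), nbytes)


if __name__ == "__main__":
    secret = 0xBEEF  # constructed per-boot value the attacker does not know
    stream = drbg_stream(trojaned_seed(secret, DEMO_BITS), 4096)
    p = monobit_p_value(stream)
    print(f"monobit p-value {p:.3f}: {'pass' if p >= 0.01 else 'fail'}")
    print("recovered from raw hardware output:", hex(recover_unknown(stream[:16], DEMO_BITS)))
    mixed = mixed_output(stream, os.urandom(32), 16)
    print("recovered from mixed output:", recover_unknown(mixed, DEMO_BITS))
    print(f"real chip: 2**{TROJAN_BITS} candidates instead of 2**{8 * SEED_BYTES}")
```

The search is scaled to 16 unknown bits so it runs in a moment; the same loop over the article’s 32 bits is roughly four billion hash evaluations, which is well inside what a single machine can do and nowhere near the 2**128 an honest seed demands. That is why the statistical tests the chip passes are not evidence of security, and why mixing in a second source matters even when the hardware generator is trusted.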

The researchers have published a paper on their findings but if you’d prefer to skip the in-depth details, you’d be forgiven. It is worth mentioning, however, that they haven’t found any hardware trojans in the wild yet. The proof-of-concept does show that Ivy Bridge is vulnerable to hardware-level attacks that could be virtually impossible to detect.


 
Yikes, I have SandyBridge and IvyBridge CPUs. I wonder if SandyBridge is vulnerable also. This stuff is hard to believe. Amazing what hackers can do.
 
It would be VERY difficult for any hacker to do this, this was just a simulation, not a demonstration. At the bare minimum they would require access to the physical cpu, then they would have to perform a type of procedure on the cpu's die which would be more complex and more delicate than nano-surgery to access some specific transistors without damaging anything else...then reinstall everything.

There are far easier methods to gain someone's information than that.
 
Seems to me it would be easier to just replace the target processor with one that had already been exploited, thus making this much easier and more practical. Physical security being the easiest to overcome (for the powers that be and/or other parties) isn't a deterrent in most cases.
 
Finally a way for a virus to infect a Mac. I'm glad I have AMD CPU in my PC.
 
How is anyone going to break into your house, pop open your pc, take off your heatsink and CPU, and pop open the heatspreader and mess with the transistors.
 
"Finally a way for a virus to infect a Mac"
--> it's been a while that a Mac can be infected too, and you definitely don't need an Ivy Bridge hardware trojan to infect a Mac.

"I'm glad I have AMD CPU in my PC"
--> doesn't mean your PC can't get infected by a regular trojan in the wild, right?
 
The proof-of-concept does show that Ivy Bridge is vulnerable to hardware-level attacks that could be virtually impossible to detect.
Also makes you (me at least) wonder how the Trojan is implemented.

Would this only be an issue if you purchased from unreliable sources? Sources that could reprogram hardware before passing them to others. If you ask me this would leave a breadcrumb trail a mile wide back to the source.
 
As a hack, this is ridiculous and totally impractical. HOWEVER, potentially you could modify chips and sell them to someone, and then those systems the modified chips get installed in are vulnerable.

But still.. kinda silly
 
Nice to know they have optical reverse engineering of chips because who knows what inside the "black box" of a chip?
 
This requires a state-level actor. Not necessarily the one you're thinking of.
 