One Year Hacking Hardware!
A retrospective on my one-year journey into hardware hacking, key concepts and more. Sit tight!
Exactly one year ago, I dived right in.
You Are Still Vulnerable
The subject of hardware hacking doesn't get as much traction as hacking software. The likely reason for this is the steep learning curve and financial investment that comes with it. However, that does not mean that hardware is of less significance.
Fixing your software won't help if you still have loopholes in your hardware.
You are still vulnerable.
IHS estimates that over 75.44 billion IoT devices are to be manufactured by the year 2025. These devices will generate 79.4 zettabytes of data, according to IDC.
The expansive application of IoT technologies calls for appropriate security measures - not limited to hardware security.
Hardware Security Space
"We've entered a new era, where hardware is finally recognized as an important part of the security landscape." - Kingpin, The Hardware Hacking Handbook
The hardware security space has continually been getting attention with notable efforts from Stephen A. Ridley, Joe Grand, Brett Giller, Dave Kennedy, Jasper van Woudenberg, Joe FitzPatrick, Colin O'Flynn, Marc Witteman, among others.
Joe Grand's story was my inspiration into hardware hacking.
The past year had me in the learning, unlearning and relearning cycle. It was a steep learning curve, but the steeper it got, the deeper I dived.
What You Need To Know
Generally, an ethical hardware hacker should understand basic electronics, hardware attack techniques and the best practices to counter attacks and secure systems.
Programming, hands-on skills and attention to detail also come in handy when trying to hack hardware.
The books that helped me get started were:
Hardware Security: A Hands-On Learning Approach.
The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks.
Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things.
While securing hardware may be assumed to be only against physical attacks in the field, it involves countermeasures throughout the device's lifecycle - from design to end-of-life.
Reverse engineering, hardware Trojan attacks, side-channel attacks, IP piracy and fault injection are the most common attacks that exploit hardware vulnerabilities. I will discuss them below.
Reverse Engineering Attacks
Advances in signal processing have made reverse engineering even easier. ABI's RevEng Schematic Learner System recreates schematics from an existing printed circuit board!
Hardware obfuscation is a countermeasure used to prevent reverse engineering attacks.
Vijayakumar et al.'s paper on Physical Design Obfuscation of Hardware presents camouflaging techniques that defend hardware against reverse engineering. An attacker who runs reverse engineering tools against physically obfuscated hardware will likely generate a netlist that does not correspond to it.
Hardware Trojan Attacks
Hardware Trojan attacks, on the other hand, involve malicious design modifications either on a chip or a PCB. The attacker may create hardware Trojans during design or fabrication to introduce malfunction, alter reliability or steal sensitive information.
In this age where someone can fabricate an IC in a garage, I won't be surprised when one 'cooks' a Hardware Trojan in their kitchen!
Check this paper by the Australian Military. It gives a good overview of Hardware Trojans and their countermeasures.
Side-Channel Attacks
An attacker can monitor the parametric behaviour of the system (power consumption, electromagnetic leaks, heat dissipation, sound emission, timing information etc.) during operation to gather information and exploit vulnerabilities. This technique is called a side-channel attack.
Masking by adding noise, and reducing the information leaked through side-channel parameters, are countermeasures against side-channel attacks.
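To make the masking countermeasure concrete, here is an added example (not from the books or papers mentioned above) of first-order Boolean masking on one byte. It assumes a Hamming-weight leakage model, and the function names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed leakage model: the device leaks the Hamming weight of each byte it handles. */
static int hamming_weight(uint8_t v) {
    int n = 0;
    while (v) { n += v & 1u; v >>= 1; }
    return n;
}

/* Unmasked: the key-dependent intermediate p ^ k is handled directly. */
int leak_unmasked(uint8_t p, uint8_t k) {
    return hamming_weight((uint8_t)(p ^ k));
}

/* Masked: the value is split into two shares whose XOR is p ^ k. */
typedef struct { uint8_t s0, s1; } shares_t;

shares_t masked_xor_key(uint8_t p, uint8_t k, uint8_t m) {
    shares_t out;
    uint8_t pm = (uint8_t)(p ^ m);   /* mask first ... */
    out.s0 = (uint8_t)(pm ^ k);      /* ... then mix in the key; p ^ k is never formed */
    out.s1 = m;
    return out;
}

uint8_t unmask(shares_t s) { return (uint8_t)(s.s0 ^ s.s1); }

/* Leakage of the key-carrying share, summed over every possible mask value. */
int total_leak_masked(uint8_t p, uint8_t k) {
    int total = 0;
    for (int m = 0; m < 256; m++)
        total += hamming_weight(masked_xor_key(p, k, (uint8_t)m).s0);
    return total;
}

int main(void) {
    uint8_t p = 0x01;                      /* constructed sample input */
    uint8_t keys[] = { 0x00, 0xff };       /* constructed sample keys */
    for (int i = 0; i < 2; i++)
        printf("k=%02x unmasked HW=%d masked mean HW=%.2f\n", keys[i],
               leak_unmasked(p, keys[i]), total_leak_masked(p, keys[i]) / 256.0);
    return 0;
}
```

With a uniformly random mask each share on its own is uniformly distributed, so its average leakage is the same for every key, while the unmasked value leaks a different weight per key. This covers leakage of one share at a time only, and it depends on a fresh random mask for every operation.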
By the way, I am planning to acquire the Hardware Hacking (HaHa) Board for hands-on training. I wouldn't want to be among those who shy away from hardware hacking because of the financial investment that comes with it.
Fault Injection Attacks - Glitching
Grazfather did an excellent job on Glitching the Olimex LPC-P1343.
Glitching is a fault injection technique that undermines a device's security by introducing intentional faults. These faults can cause instruction skipping, malformed data readbacks/writebacks and instruction decoding errors.
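On the defensive side, firmware can be written so that a single skipped instruction fails safe. The following is an added example, not taken from the write-up or presentation referenced here; the fault model, function names and PIN values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Multi-bit status codes: one flipped bit cannot turn DENIED into GRANTED. */
#define GRANTED 0x3CA5u
#define DENIED  0xC35Au

/* Constructed fault model: comparison number fault_at is "skipped" and
   behaves as if the values matched. 0 means no fault. */
static int fault_at = 0;
static int step = 0;

static void arm_fault(int n) { fault_at = n; step = 0; }

static int equal_step(uint32_t a, uint32_t b) {
    step++;
    if (step == fault_at) return 1;      /* simulated instruction skip */
    return a == b;
}

/* Naive: a single comparison guards access. */
uint32_t check_naive(uint32_t pin, uint32_t stored) {
    if (equal_step(pin, stored)) return GRANTED;
    return DENIED;
}

/* Hardened: default-deny, and the comparison is repeated on complemented
   values, so one skipped comparison is not enough to reach GRANTED. */
uint32_t check_hardened(uint32_t pin, uint32_t stored) {
    uint32_t result = DENIED;
    if (equal_step(pin, stored)) {
        if (equal_step(~pin, ~stored)) result = GRANTED;
    }
    return result;
}

/* Count single-fault positions 1..max_steps that let a wrong PIN through. */
int bypasses(uint32_t (*check)(uint32_t, uint32_t), int max_steps) {
    int hits = 0;
    for (int n = 1; n <= max_steps; n++) {
        arm_fault(n);
        if (check(1111u, 4242u) == GRANTED) hits++;   /* constructed PINs */
    }
    return hits;
}

int main(void) {
    printf("naive bypasses: %d, hardened bypasses: %d\n",
           bypasses(check_naive, 4), bypasses(check_hardened, 4));
    return 0;
}
```

On real firmware an optimising compiler may merge the redundant comparison, so the generated assembly has to be checked to confirm both comparisons survive.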
Learn more about glitching from Brett Giller's presentation on Implementing Practical Electrical Glitching Attacks during the Black Hat 2015 conference.
IP Piracy Attacks
IP piracy attacks, also known as counterfeiting attacks, are attacks where the attacker clones the device or part of it, intending to promote their malicious goals.
Hardware-based security primitives such as Physical Unclonable Function (PUF) and True Random Number Generator (TRNG) are used to defend against counterfeiting attacks. PUF and TRNG offer protection in cryptographic applications and against hardware attacks.
P.S. Post-Mortem
Above, I have compressed the knowledge I acquired within the past year venturing through hardware hacking.
The journey has been worthwhile, as I learnt a lot about hardware security that I would be less likely to get in class.
Writing this issue, I aimed to focus the lens on hardware hacking and encourage those interested in the field to jump right in. Hardware is the new software.
As Groq's CEO, Jonathan Ross, tells hardware engineers on the most recent episode of Moore's Lobby, "keep your hopes active-low and stay grounded!"
Ꭱαɳԃσ𝓶 ᑭσട𝜏 ᙏσɾ𝜏ҽ𝓶ട
tinegachris