A security company publishes a video showing a laptop being physically accessed and hacked in just 4 minutes
When you stay at a hotel for travel or work, leaving a laptop in your room while you go out carries the risk that someone who enters the room will gain physical access to it. An attack on a laptop left in a hotel room is called an "Evil Maid Attack" because the housekeeper (maid) is the one person who can enter the hotel room freely. Mickey Shkatov, a researcher at the security company Eclypsium, opened the case of a laptop, connected a device directly to the chip that holds the BIOS, and released a video showing how a backdoor can be planted in the firmware.
Watch a Hacker Install a Firmware Backdoor on a Laptop in Less Than 5 Minutes - Motherboard
You can watch an Evil Maid Attack actually being carried out on a laptop in the following video.
Evil Maid Attack Demo - YouTube
Mr. Shkatov prepared a Dell laptop.
First, he removes all the screws at the eight locations on the back of the laptop.
In just 35 seconds, all the screws were out and the case was open.
He removes the CPU cooler ...
He attaches a ROM writer for SPI flash, which is connected via USB to a separately prepared PC. The target SMM firmware is rewritten with this ROM writer.
The firmware rewrite finished in about 1 minute and 30 seconds.
He removes the ROM writer and reinstalls the CPU cooler ...
He closes the back cover and tightens the screws.
A malicious backdoor was successfully planted through physical access to the laptop in just 4 minutes 3 seconds. At this speed, the attack is entirely feasible while the laptop's owner is out shopping or visiting the lounge.
The compromised laptop is then started. A suspicious loading screen appears, confirming that a malicious program is running.
Mr. Shkatov's device can be purchased on the Internet for $285 (about 32,000 yen), and the backdoor program is also distributed on GitHub. "Physical hacking is difficult to defend against and most people have not taken any measures to defend against it, but physical hacking takes less time and effort than people think."