PC hacking is done not only by malware but also by 'hardware'. What is the method?

From the word 'hacking', we can imagine exploiting software vulnerabilities to inject malware or infiltrate a network, but by modifying the

printed circuit board of a computer, hacking performed via hardware Also exists. ' IEEE Spectrum, ' a news site operated by the IEEE, which is a technical standardization organization, summarizes hacking methods and countermeasures for such printed circuit boards.

Three Ways to Hack a Printed Circuit Board-IEEE Spectrum

In 2018, Bloomberg reported that the PLA has installed chips for stealing data on Supermicro motherboards shipped to Apple and Amazon. After all, the details of the report were not disclosed, but it was an event that made me strongly aware of the possibility of hacking via printed circuit boards.

What was Supermicro's coverage of spy chips? -GIGAZINE

In order to understand the technique of hacking a printed circuit board, it is necessary to know how the printed circuit board is made in the first place. The printed circuit board designer first creates a circuit diagram that describes all the parts on the board and their connections. Next, a reference number is given to each part based on the circuit diagram, and a printed circuit board pattern that describes the position of the parts on the board is created. The pattern is dropped into two ASCII files, a

Gerber file and a drill file. The Gerber file represents the board as a graphic, and the drill file represents the position of the holes in the board. Printed circuit board manufacturers use these two files to manufacture their boards. In other words, in order to hack a printed circuit board, it is necessary to tamper with any of the 'circuit diagram', 'pattern', 'gerber file and drill file'.

IEEE Spectrum explains that among the three stages of “schematic diagram”, “pattern”, “gerber file and drill file”, it is the two stages where tampering detection is difficult: “schematic diagram” and “gerber file and drill file”. Since the schematic is believed to most accurately reflect the designer's intention, it is difficult to see the attack by referring to something else. In addition, Gerber files and drill files are ASCII format files that have no cryptographic protection and are human readable. Gerber files are based on industry standards, so it's relatively easy to learn to tamper with.


Dmitry Djouce

If tampering succeeds at any design stage, the attacker must embed the component in the circuit somewhere in the 'production process', 'repair process', or 'transportation process'. Embedding in the production process is difficult because it requires changes in the supply chain itself, but in the repair process that generally requires manual work, it is possible to easily add parts. It is also possible to manually mount components on boards stored in warehouses.

IEEE Spectrum also explains what attacks an attacker can do if he succeeds in hacking a printed circuit board. The first is an attack by accessing SMBus . SMBus is a bus that controls the voltage and clock frequency of the motherboard and is not encrypted. If you can access the SMBus by adding a power supply controller etc., it seems that it will be possible to change the voltage and break the parts, or interfere with the communication between the CPU and the sensor on the board.

The second is an attack by accessing the SPI bus. The SPI bus is used by important code such as the BIOS for access.By adding SPI flash memory and accessing the SPI bus, the hardware configuration can be changed via the BIOS and malicious code can be executed. It is possible.

The third is an attack by accessing the LPC bus. The LPC is a bus that allows access to power supplies and other important control functions, and is an attractive bus for attackers. The LPC bus is often connected to the BMC of the system management controller, which allows remote access to the computer via the BMC or the SPI bus via the BMC for patching the BIOS Then IEEE Spectrum explains.

In order to prevent such hacking of the printed circuit board, it seems that optical scanning or artificial intelligence may be used, but manual confirmation is also possible. Hacking is detected by checking the presence/absence of reference numbers, the consistency between the reference numbers on the component and the reference numbers on the circuit diagram, pattern, and parts list, the shape of the component, and the components that are not mounted on the board. can.

IEEE Spectrum argues that modern motherboards are very likely to be exploited because they have thousands of components. However, as with malware, it can be said that attacks can be prevented by increasing the sensitivity to problems and deliberate scrutiny.

in Hardware,   Security, Posted by darkhorse_log