Security Researcher Adds Spy Chip to IT Equipment for Just $200

Security Researcher Adds Spy Chip to IT Equipment for Just $200

Malware scanners can protect your devices from malicious software, but what about malicious hardware? Implanting covert spy chips could give a bad actor unlimited access to your data, which is why Bloomberg Business’ SuperMicro report last year was so worrying. No evidence has surfaced to support those claims, but sneaking spy chips into hardware isn’t impossible, In fact, one security researcher says he’s figured out a way to do it for about $200 in his basement.

In the Bloomberg story, sources claimed that Chinese state-sponsored hackers had secretly added small chips to SuperMicro’s server motherboards. These boards were later used in Apple and Amazon servers. The chips were allegedly tiny, no larger than a grain of rice. So, it was understandable they had snuck in under the radar. However, every company named in the story has denied it, and external reviews of SuperMicro boards found no such chips.

We know intelligence agencies like the NSA routinely insert spy chips into devices during transit, and security researcher Monta Elkins claims to have developed a version of that technique with off-the-shelf hardware. All Elkins needed was a $150 air-soldering tool, a $40 microscope, and some tiny programmable chips used in personal electronics projects.

Elkins approach uses an ATtiny85 chip salvaged from Digispark Arduino boards, each of which costs around $2. The chips have a total surface area of about 5mm, more than small enough to go unnoticed on a circuit board. You can see the chip indicated below, but Elkins says he could have made it even more stealthy if he hadn’t wanted to show the chip placement to fellow hackers.

Security Researcher Adds Spy Chip to IT Equipment for Just $200

As a proof of concept, Elkins created code for the chip that allowed him to interface with the administrator settings on a Cisco ASA 5505 firewall. Elkins says he chose that model because it was the cheapest one he could find on eBay, but the attack should work on all similar systems. When the compromised board boots up, the chip triggers the firewall’s password recovery feature and creates a new administrator account. An attacker could use that account to monitor network activity and steal data.

Elkins plans to reveal all the details of his project at the upcoming CS3sthlm security conference, but he’s not trying to prove Bloomberg’s report is accurate. Instead, he wants everyone to realize implanting spy hardware is trivially easy regardless of whether that report was true. It only cost him $200 to devise a strategy to do it, and a state-sponsored hacker with access to chip fabrication could make much more stealthy custom designs for a few thousand dollars.

Top image credit: Getty Images

Continue reading

Samsung Reveals Galaxy S21 Family With Snapdragon 888, $200 Price Cut
Samsung Reveals Galaxy S21 Family With Snapdragon 888, $200 Price Cut

All three devices have the latest Snapdragon 888 ARM chip, lower price tags, and no included charger. Read our full breakdown of the different models here.

Sony’s New Xperia Pro Smartphone Is a $2,500 Camera Accessory
Sony’s New Xperia Pro Smartphone Is a $2,500 Camera Accessory

This device is aimed at professional and enthusiast photographers who want a powerful accessory for their cameras. It's also Sony's first 5G smartphone in the US, but the price is positively jaw-dropping at $2,500.

Intel Ordered to Pay $2.2 Billion in Patent Infringement Case
Intel Ordered to Pay $2.2 Billion in Patent Infringement Case

Intel has been hit with a massive $2.2B patent infringement judgment. The company has pledged to appeal the ruling.

Microsoft Wins $21.9 Billion Contract to Supply AR Headsets to the US Army
Microsoft Wins $21.9 Billion Contract to Supply AR Headsets to the US Army

Microsoft has signed a 10-year, $21.9 billion contract with the US Army to provide augmented reality technology based on its HoloLens devices.