Security Researcher Adds Spy Chip to IT Equipment for Just $200

Malware scanners can protect your devices from malicious software, but what about malicious hardware? Implanting covert spy chips could give a bad actor unlimited access to your data, which is why Bloomberg Business’ SuperMicro report last year was so worrying. No evidence has surfaced to support those claims, but sneaking spy chips into hardware isn’t impossible. In fact, one security researcher says he’s figured out a way to do it for about $200 in his basement.

In the Bloomberg story, sources claimed that Chinese state-sponsored hackers had secretly added small chips to SuperMicro’s server motherboards. These boards were later used in Apple and Amazon servers. The chips were allegedly tiny, no larger than a grain of rice. So, it was understandable they had snuck in under the radar. However, every company named in the story has denied it, and external reviews of SuperMicro boards found no such chips.

We know intelligence agencies like the NSA routinely insert spy chips into devices during transit, and security researcher Monta Elkins claims to have developed a version of that technique with off-the-shelf hardware. All Elkins needed was a $150 air-soldering tool, a $40 microscope, and some tiny programmable chips used in personal electronics projects.

Elkins’ approach uses an ATtiny85 chip salvaged from Digispark Arduino boards, each of which costs around $2. The chips have a total surface area of about 5mm, more than small enough to go unnoticed on a circuit board. You can see the chip indicated below, but Elkins says he could have made it even more stealthy if he hadn’t wanted to show the chip placement to fellow hackers.

As a proof of concept, Elkins created code for the chip that allowed him to interface with the administrator settings on a Cisco ASA 5505 firewall. Elkins says he chose that model because it was the cheapest one he could find on eBay, but the attack should work on all similar systems. When the compromised board boots up, the chip triggers the firewall’s password recovery feature and creates a new administrator account. An attacker could use that account to monitor network activity and steal data.
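Because the implant's visible result is a new administrator account, one defensive check is to compare the firewall's local accounts against a known-good baseline after every boot. The sketch below is an added example, not code from Elkins or Cisco; the two configuration snapshots and account names are constructed, and the default privilege level of 2 for a `username` line without a `privilege` keyword is an assumption.

```python
import re

# ASA local-account lines look like:
#   username <name> password <hash> encrypted privilege <0-15>
# "username <name> attributes" lines are sub-mode headers and are skipped.
USER_RE = re.compile(r"^username\s+(\S+)\s+(?:password|nopassword)\b(.*)$")
PRIV_RE = re.compile(r"\bprivilege\s+(\d+)\b")
DEFAULT_PRIV = 2  # assumption: level applied when no privilege keyword is given

def local_accounts(config_text):
    """Return {username: privilege_level} parsed from a config snapshot."""
    accounts = {}
    for line in config_text.splitlines():
        m = USER_RE.match(line.strip())
        if not m:
            continue
        name, rest = m.groups()
        p = PRIV_RE.search(rest)
        accounts[name] = int(p.group(1)) if p else DEFAULT_PRIV
    return accounts

def audit(baseline_text, current_text):
    """List account changes between a trusted baseline and the current config."""
    base = local_accounts(baseline_text)
    cur = local_accounts(current_text)
    findings = []
    for name, priv in sorted(cur.items()):
        if name not in base:
            findings.append(("new-account", name, priv))
        elif priv > base[name]:
            findings.append(("privilege-raised", name, priv))
    for name in sorted(set(base) - set(cur)):
        findings.append(("account-removed", name, base[name]))
    return findings

# Constructed snapshots: hashes and account names are placeholders.
BASELINE = """hostname edge-fw
username admin password CONSTRUCTEDHASH1 encrypted privilege 15
username monitor password CONSTRUCTEDHASH2 encrypted privilege 5
"""
CURRENT = """hostname edge-fw
username admin password CONSTRUCTEDHASH1 encrypted privilege 15
username admin attributes
username monitor password CONSTRUCTEDHASH2 encrypted privilege 15
username svc_maint password CONSTRUCTEDHASH3 encrypted privilege 15
"""

if __name__ == "__main__":
    for kind, name, priv in audit(BASELINE, CURRENT):
        print(f"{kind}: {name} (privilege {priv})")
```

The baseline has to be stored off the device, since an account created by the hardware sits in the same configuration the firewall itself reports.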

Elkins plans to reveal all the details of his project at the upcoming CS3sthlm security conference, but he’s not trying to prove Bloomberg’s report is accurate. Instead, he wants everyone to realize implanting spy hardware is trivially easy regardless of whether that report was true. It only cost him $200 to devise a strategy to do it, and a state-sponsored hacker with access to chip fabrication could make much more stealthy custom designs for a few thousand dollars.

Top image credit: Getty Images
