Security Researcher Adds Spy Chip to IT Equipment for Just $200

Security Researcher Adds Spy Chip to IT Equipment for Just $200

Malware scanners can protect your devices from malicious software, but what about malicious hardware? Implanting covert spy chips could give a bad actor unlimited access to your data, which is why Bloomberg Business’ SuperMicro report last year was so worrying. No evidence has surfaced to support those claims, but sneaking spy chips into hardware isn’t impossible, In fact, one security researcher says he’s figured out a way to do it for about $200 in his basement.

In the Bloomberg story, sources claimed that Chinese state-sponsored hackers had secretly added small chips to SuperMicro’s server motherboards. These boards were later used in Apple and Amazon servers. The chips were allegedly tiny, no larger than a grain of rice. So, it was understandable they had snuck in under the radar. However, every company named in the story has denied it, and external reviews of SuperMicro boards found no such chips.

We know intelligence agencies like the NSA routinely insert spy chips into devices during transit, and security researcher Monta Elkins claims to have developed a version of that technique with off-the-shelf hardware. All Elkins needed was a $150 air-soldering tool, a $40 microscope, and some tiny programmable chips used in personal electronics projects.

Elkins approach uses an ATtiny85 chip salvaged from Digispark Arduino boards, each of which costs around $2. The chips have a total surface area of about 5mm, more than small enough to go unnoticed on a circuit board. You can see the chip indicated below, but Elkins says he could have made it even more stealthy if he hadn’t wanted to show the chip placement to fellow hackers.

Security Researcher Adds Spy Chip to IT Equipment for Just $200

As a proof of concept, Elkins created code for the chip that allowed him to interface with the administrator settings on a Cisco ASA 5505 firewall. Elkins says he chose that model because it was the cheapest one he could find on eBay, but the attack should work on all similar systems. When the compromised board boots up, the chip triggers the firewall’s password recovery feature and creates a new administrator account. An attacker could use that account to monitor network activity and steal data.

Elkins plans to reveal all the details of his project at the upcoming CS3sthlm security conference, but he’s not trying to prove Bloomberg’s report is accurate. Instead, he wants everyone to realize implanting spy hardware is trivially easy regardless of whether that report was true. It only cost him $200 to devise a strategy to do it, and a state-sponsored hacker with access to chip fabrication could make much more stealthy custom designs for a few thousand dollars.

Top image credit: Getty Images

Continue reading

The Best Smart Home Security Systems
The Best Smart Home Security Systems

Once a niche business with a few traditional players and some startups, home security systems are now a major battleground for not just security companies, but several internet giants. We round up highlights of the most popular options for 2020.

Microsoft: Pluton Chip Will Bring Xbox-Like Security to Windows PCs
Microsoft: Pluton Chip Will Bring Xbox-Like Security to Windows PCs

Intel, AMD, and Qualcomm are working to make Pluton part of their upcoming designs, which should make PCs more difficult to hack, but it also bakes Microsoft technology into your hardware.

Security Researcher: ‘solarwinds123’ Password Left Firm Vulnerable in 2019
Security Researcher: ‘solarwinds123’ Password Left Firm Vulnerable in 2019

SolarWinds, the company at the center of the massive hack that hit US government agencies and corporations, doesn't exactly use cutting-edge password techniques.

A File Sharing App With 1 Billion Downloads Has a Major Security Flaw
A File Sharing App With 1 Billion Downloads Has a Major Security Flaw

Trend Micro says SHAREit is a security nightmare that could allow intruders to sneak a peek at your data or even install malware. Perhaps most troublingly, the developers have not responded to Trend Micro's warnings.