Malware scanners can protect your devices from malicious software, but what about malicious hardware? Implanting covert spy chips could give a bad actor unlimited access to your data, which is why Bloomberg Business’ SuperMicro report last year was so worrying. No evidence has surfaced to support those claims, but sneaking spy chips into hardware isn’t impossible, In fact, one security researcher says he’s figured out a way to do it for about $200 in his basement.
In the Bloomberg story, sources claimed that Chinese state-sponsored hackers had secretly added small chips to SuperMicro’s server motherboards. These boards were later used in Apple and Amazon servers. The chips were allegedly tiny, no larger than a grain of rice. So, it was understandable they had snuck in under the radar. However, every company named in the story has denied it, and external reviews of SuperMicro boards found no such chips.
We know intelligence agencies like the NSA routinely insert spy chips into devices during transit, and security researcher Monta Elkins claims to have developed a version of that technique with off-the-shelf hardware. All Elkins needed was a $150 air-soldering tool, a $40 microscope, and some tiny programmable chips used in personal electronics projects.
Elkins approach uses an ATtiny85 chip salvaged from Digispark Arduino boards, each of which costs around $2. The chips have a total surface area of about 5mm, more than small enough to go unnoticed on a circuit board. You can see the chip indicated below, but Elkins says he could have made it even more stealthy if he hadn’t wanted to show the chip placement to fellow hackers.
As a proof of concept, Elkins created code for the chip that allowed him to interface with the administrator settings on a Cisco ASA 5505 firewall. Elkins says he chose that model because it was the cheapest one he could find on eBay, but the attack should work on all similar systems. When the compromised board boots up, the chip triggers the firewall’s password recovery feature and creates a new administrator account. An attacker could use that account to monitor network activity and steal data.
Elkins plans to reveal all the details of his project at the upcoming CS3sthlm security conference, but he’s not trying to prove Bloomberg’s report is accurate. Instead, he wants everyone to realize implanting spy hardware is trivially easy regardless of whether that report was true. It only cost him $200 to devise a strategy to do it, and a state-sponsored hacker with access to chip fabrication could make much more stealthy custom designs for a few thousand dollars.
Top image credit: Getty Images
- Bloomberg Claims Hacked SuperMicro Server Found in US Telecom
- Trump May Sign Executive Order to Ban Huawei, ZTE Telecom Equipment
- Researchers: ‘Simjacker’ Attack Silently Tracks Your Phone’s Location