New hardware implant designed as a proof-of-concept, showed how easy it is to hide malicious chips inside it equipment.
Remember, a little over a year ago there appeared information about the Supermicro motherboards used by technogiant like Apple and Amazon, which allegedly had secretly installed a chip the size of a grain of rice?
This chip, according to experts, the government allowed Chinese hackers to engage in espionage.
Despite the fact that this story has not received official confirmation, experts in the field of cyber security has warned that such attacks on the supply chain is very real.
But now researchers have gone further, demonstrating how easy and cheap you can install a spy chip into the hardware of any company.
You do not need to use the power of government intelligence agencies, will need to work only one committed hacker, who will need access. And equipment to carry out such an operation will cost only $200.
This month will host a conference CS3sthlm on cyber security. At this event, expert Monta Elkins promises to demonstrate proof-of-concept attack described above, developed at home.
The Elkins task is to show how easily the spies and cyber criminals with minimal knowledge can install a chip in a corporate it equipment. As a result of this successful attack, they will have to be a backdoor access.
What will it take attackers: a tool for hot air soldering ($150), microscope ($40) and a few chips for two dollars. This was enough Skins for exposure to Cisco firewall.
According to him, he made the changes that system administrators are unlikely to notice. The expert was able to obtain remote access and penetrate deep into the target device.
Elkins used a 5 mm ATtiny85 chip, which is purchased for two dollars in the Network. After that, the researcher recorded in the chip your code, and then soldered it to the motherboard of the Cisco ASA 5505.
Elkins programmed the chip so that the attack began immediately after loading firewall in the attacked data center. According to the specialist, he was able to change the settings of the firewall and disable the protective function.
Card with chip Elkins promises to show at the conference CS3sthlm.
Read more •••
The investigator maniac became a hero of the blog