Laser Hacking. If there’s one phrase that says we’re already living in the future I envisioned as a kid, it’s laser hacking, or to give the method its more technical term, “laser fault injection.” . While laser-based hacking techniques aren’t exactly new, you’ll usually need sophisticated and expensive machinery to pull off such a sophisticated trick.
However, two hackers from security firm NetSPI plan to offer their own open-source, 3D printable solution, called RayV Lite. Black Hat Cyber Security Conference This weekend in Las Vegas (via Wired). Costing just $500 to build and use many off-the-shelf parts, the duo hopes the device will bring laser hacking to the masses.
First, a primer: modern chips use transistors that are incredibly small. So small, in fact, that they are subject to small variations in charge. Laser hacking devices using the laser fault injection method use precisely targeted and timed laser blasts (a phrase I’ve always wanted to write) to dislodge electrons and cause defects on a chip.
By pinpointing the right time and place to focus the laser, hackers can potentially circumvent hardware security measures and gain access to all of the chip’s capabilities that would otherwise be locked and (hardware) keyed. will be below.
Generally, you will need Some serious hardware And a lot of cash to achieve such an effect. However, Sam Beaumont and Larry “Patch” Trowell have designed a tool that uses a set of relatively inexpensive and widely available components, including a $20 laser pointer, a Raspberry Pieand an open source 3D printed microscope design to achieve the same effect.
The creators hope to encourage hardware manufacturers to secure chips against laser hacking methods, after customers reported laser fault injection and similar attack methods. are very expensive to perform and are not a high priority to protect against. By creating a device that supposedly costs just $500 to build, they hope to demonstrate that such attacks are now implementable by DIYers and hobbyists.
“We’re not discovering anything new, in the sense that other people have used lasers in this way before,” says Beaumont. “We’re doing it at a low cost, so people can do it in their own homes.”
In testing, an automotive chip with a faulty laser bypassed security checks that allowed hackers to scan through its code to identify vulnerabilities. Cryptocurrency wallets According to the researchers, people protected by a PIN are also vulnerable:
“You take the chip out of the crypto wallet, hit it with the laser at the right time, and it will just assume you have a PIN. It just jumps through the instructions and returns the key.”
The first version of the tool will focus on laser fault injection, while later versions are planned to use a different method. Laser logic state imaging. This more advanced technique uses lasers to monitor chip architecture and activity to map data as it is being processed, revealing vulnerabilities that can be exploited later. Can be picked up.
While laser-based hacking methods seem like something straight out of the pages of science fiction novels, the tool seems to have a new generation of hobbyists with precious electrons flowing around our electronic devices. A good opportunity to start a mess.
While security is the primary concern here, having access to a relatively inexpensive tool that can target, disrupt, and reveal the inner workings of highly complex silicon will hopefully increase understanding for many. Either that, or your hardware crypto-wallet just became more vulnerable to the tyranny of lasers, rather than falling off the back of the couch — or given the volatility of the crypto market, which occasionally Expensive paperweight.