After Bloomberg reported ‘The Big Hack,’ denials from the tech industry and government officials were swift and most reporting focused on these contradictions. However, cyber defense expert Matthew Hicks’ reaction was a little more like deja vu. Over 8 years ago he suggested something almost identical in his dissertation.
“There are three characteristics that make this hack plausible: First, it is on a Serial Peripheral Interface or SPI which has only one or two wires. Some interfaces can have hundreds of wires to send signals, making make it easier to detect. This one does not. Second, it is on a lower speed interface, which is cheaper. By picking a connection that is narrow with less wires and slow, hackers gain the best chance of a small inexpensive attack. Last but not least, it is positioned in a place that gives it access to memory where a lot of security critical data is located. These three factors make where the chip is allegedly located ideal,” said Hicks, an assistant professor of computer science at Virginia Tech.
“In 2010 it became clear to me that we could no longer fabricate the latest and greatest processors or hardware in United States. We had to farm that out to China or Taiwan, and since there is huge trust gap there, I began to examine various ways someone could implement a hardware attack.”
“I have looked at doing similar attacks and the claimed attack addresses many motherboard level challenges. They bypass those challenges which makes it very believable. You would have to have technical knowledge to claim this. It is unlikely a reporter would come to this conclusion on their own.”
“Reverse engineering this attack is of great societal importance, because even if we don’t know it happened, there is value in showing it could happen. And being able to show that demonstrates a much more pervasive security issue than just this specific case.”
“Also we can only begin to create defenses once we understand these kinds of attacks, which are very challenging. It is not an easy fix.”
Matthew Hicks’ research focuses on addressing security challenges in low-level hardware code, hardware devices for security systems, and battery-less devices. His work has been used by military contractors, hardware security startups, and have inspired others in the fields of security and academia to devise code analysis techniques aimed at uncovering malicious hardware. Read his full bio here.
Hicks can also elaborate on how a nefarious actor could really maximize on this attack, real or not. So to schedule an interview contact Ceci Leonard at firstname.lastname@example.org or 540-357-2500. Virginia Tech’s television and radio studio can broadcast live HD audio and video to networks, news agencies, and affiliates.
Kaiyuan Yang, Matthew Hicks, Qing Dong, Todd Austin, and Dennis Sylvester, “A2: Analog Malicious Hardware”, Proceedings of the IEEE Symposium on Security and Privacy (Oakland), May 2016.
Cynthia Sturton, Matthew Hicks, David Wagner, and Samuel T. King, “Defeating UCI: Building Stealthy and Malicious Hardware”, Proceedings of the IEEE Symposium on Security and Privacy (Oakland), May 2011.
Matthew Hicks, Murph Finnicum, Samuel T. King, Milo M. K. Martin, and Jonathan M. Smith, “Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically”, Proceedings of the IEEE Symposium on Security and Privacy (Oakland), May 2010.