A geek or a nerd glaring at a green tinted computer screen used to be the visual that defined the action of hacking into secure electronics. Every movie ran with that concept whenever they needed to depict a hacker. Looks like those days are a goner as things have gotten a lot more physical.
Ex-army man attack
On 17th February, The Register reported hardware hacker Christopher Tarkovsky’s successful hack into an Infineon SLE 66PE. The SLE 66PE is a micro controller that the Trusted Platform Module (TPM) (we earlier covered it here) designation of security.
How did the former US Army computer-security specialist do it? He physically dissected the controller and used focused ion beam workstation to view the chip in the nanometer scale. He then proceeded to manipulate its individual wires using microscopic needles to get through all the security countermeasures — both physical and software. It would not be wrong to say that he performed surgery on the poor security chip.
This is not to say the chip was not secure. The Register reports, “What he found was a chip that was locked down with multiple levels of defenses. Optical sensors, for instance, were designed to detect ambient light from luminous sources. And a wire mesh that covered the microcontroller was aimed at disabling the chip should any of its electrical circuits be disturbed.”
Edward Snowden reveals other secrets
A few days after the The Register’s report, ABC News reported that Edward Snowden explained how it is also possible to de-capsulate the chip of a device to allow it to be examined on a microscopic level for potential weaknesses that cane exploited. It is believed that this is one of the ways in which the Apple device current being the subject of an FBI investigation could be hacked into.
ABC News explains in more details of how this process could be carried out:
The idea is to take the chip from the iPhone, use a strong acid to remove the chip’s encapsulation, and then physically, very carefully drill down into the chip itself using a focused ion beam.
The hacker could, micron by micron, attempt to expose the portion of the chip containing exactly that data. The hacker would then place infinitesimally small “probes” at the target spot on the chip and read out, literally bit by bit, the UID data. The same process would then be used to extract data for the algorithm that the phone normally uses to “tangle” the UID and the user’s passkey to create the key that actually unlocks the phone.