Most people with a basic knowledge of computing equate hacks with malicious software or code that attacks other software. And they equate the necessary fixes with software that “patches” those hacks. Hackers insert code that affects how software runs; in response, IT managers install software patches to get rid of the malicious code—and on the cycle goes.

Software Attacks Hardware

Since the 1990s, hackers have quietly and consistently expanded their reach beyond software-on-software attacks with software hacks that can damage or takeover hardware. Though hardware exploits are still relatively uncommon, when they do happen, they are much harder to detect and fix compared to software attacks.

A 1998 hardware hack dubbed “CIH” (also known as “Chernobyl” and “Spacefiller”) is thought to have been the first hardware attack. At its most destructive, CIH destroyed the system BIOS on computers running the Windows 9x operating system. The attack left an infected computer inoperable unless new BIOS chip was installed.

In 2012, security researcher Jonathan Brossard showed how a hardware backdoor dubbed “Rakshasa” could replace a computer’s entire BIOS on boot without being detected. While only a proof of concept, the idea set the security world on edge. Brossard showed how the attack could bypass encryption and the OS to essentially permanently take over a device.

In the spring of 2015, a team at Google found a hardware bug named “Rowhammer” that could use JavaScript to target DRAM. The bug allows a potential hack to repeatedly access a memory block, which can cause bit values to flip in other DRAM locations. Known as a disturbance error, these flips create reliability problems by bypassing memory protections and opening the door for one program to corrupt another program.
While the Rowhammer bug is possible, no known exploits using it have been carried out so far. However, as InfoWorld columnist Roger A. Grimes stated in the article “Hardware Exploits May Be a Sign of Threats to Come,” “I see it [Rowhammer] as more of a canary in the coalmine rather than a specific threat. … It’s likely hardware-based exploits will become more common in the future, especially as the Internet of things becomes a reality.”[1] In the 2016 McAfee Labs Threat Predictions Report, Intel Security reported hardware attacks at its top threat prediction, supporting the idea of the increasing risk of attacks targeting hardware.[2]

Hardware Manufacturers to the Ready

While hackers have been figuring out how to hack hardware, hardware manufacturers have been working on solutions for hardware-based security. This move started in the early 2000s, and it is consistently advancing. Hardware-based security not only can protect against hardware attacks, it can also reinforce protection and prevention against traditional software attacks.

Intel is one manufacturer that has brought security protections to the hardware layer. Intel is also using the hardware layer to reinforce software-based security. Intel embeds a variety of security technologies directly into the silicon on its chipsets used in devices for consumers, servers, data centers, and the Internet of Things (IoT). These embedded technologies provide protections that begin before a device’s operating system or software even start up. In other words, if something or someone tries to tamper with a device’s BIOS, firmware, master boot record (MBR), or other low-level components, hardware-assisted security can potentially identify and prevent the attempted tampering, stopping the attack before it spreads or does damage. Once the system is started, Intel’s hardware-based approach also provides a stronger foundation for software-specific security measures—whether developed by Intel or others—to work within.

Intel is not alone in focusing on hardware-based security. Semiconductor manufacturer ARM introduced hardware-based security on its chips with its TrustZone technology many years ago. TrustZone technology, as well as Intel solutions, leverage a trusted execution environment (TEE) on the chip to create a secure area to execute select functions, such as boot, cryptography, and authentication.

More to Come

This post skims the surface of hardware attacks and hardware-based security. The cycle of cybercriminals hacking and security professionals thwarting the attacks or remediating their damage will inevitably continue. As it does, we’ll keep an eye on hardware-based security trends and technologies, and we will share advances and more information with you here. To learn more right now, you might want to read the Stronger Endpoint Security Starts with a Hardware-Based Foundation white paper from Intel.


[1] Grimes, Roger A. InfoWorld. “Hardware Exploits May Be a Sign of Threats to Come.” March 2015. http://www.infoworld.com/article/2900507/security/hardware-exploits-sign-of-threats-to-come.html

[2] “Top Cyber Threats for 2016 and Next Five Years”: http://www.insurancejournal.com/news/national/2015/11/17/389164.htm

Share this:

FacebooktwitterlinkedinmailFacebooktwitterlinkedinmail