Photo: Shutterstock
We’re all aware of viruses, phishing emails, and phone hacks, but there’s an even more insidious form of security breach that is much harder to detect. Sometimes the physical chips within our devices are intentionally made faulty, allowing them to create a weakness that can be used by criminals. It’s hard to find this malicious hardware because the chips themselves are reporting that they’re working just fine.
Although this threat is not very common yet, it does exist. There is a team from NYU that is working on special chips which have an external module that allows technicians to verify if the chip is working as intended. This means that when a device is tested before being sold to a consumer, tech companies can be certain that everything is working correctly.
“Employing an external verification unit made by a trusted fabricator means that I can go to an untrusted foundry to produce a chip that has not only the circuitry-performing computations, but also a module that presents proof of correctness” (proper functioning), says Siddharth Garg, an assistant professor of electrical and computer engineering at the NYU Tandon School of Engineering, a member of the research team developing the new technology.
The malicious hardware is intentionally made that way, but not by the companies making the devices. They have a vested interest in keeping our computers, tablets, smartphones and other accessories secure so we keep buying them. However, the cost of producing chips has risen significantly, and therefore the foundries making them have moved offshore, which means less direct oversight in their production.
Cybercriminals sometimes get jobs at such foundries with the intention of installing malicious circuitry which they or their peers can take advantage of later. These “Trojan horse” chips are exactly what the new application-specific integrated circuits (ASIC) are designed to test for, and with their help, firms could keep malicious hardware from reaching the market.
ASIC is still a new concept, and it is still being tested. But if it proves successful, users and tech firms will be seeing this technology become increasingly popular.
