A cybersecurity expert has revealed a way to secretly implant spy chips in popular hardware products and it’s so cheap that anyone with US$200 can easily do it. Monta Elkins from the security firm Foxguard will be presenting his work at the CS3sthlm security conference this month.
The spy chip
“To create his tiny spy chip, Elkins used a 5 mm Square ATtiny85 chip commonly found on a Digispark Arduino board. He first wrote his hacking code into the chip before removing it from the board and transferring it to a Cisco ASA 5505 firewall. He chose a spot on the Cisco motherboard that would allow the chip to access the firewall’s serial port without needing any additional wiring,” according to Tech Times.
Though Elkins could have chosen a smaller chip, he decided to go with ATtiny85 since it was easier to program compared to others available on the market. The chip also could have been hidden more subtly than what Elkins demonstrated. However, he wanted to show the chip’s placement at the conference, which is why it was placed in a relatively easy to spot location.
ATtiny85 was programmed in a way that it would carry out the attack as soon as the firewall booted up. “It impersonates a security administrator accessing the configurations of the firewall by connecting their computer directly to that port. Then the chip triggers the firewall’s password recovery feature, creating a new admin account and gaining access to the firewall’s settings,” according to Wired.
What is scary is that while the hacker gains control of the network, the administrator won’t even be aware of it. The hacker gets the power to change the firewall configuration any way he wants. By applying reverse engineering, it is possible to reprogram the firewall’s firmware in such a manner that it becomes a full-featured toolset to spy on every aspect of the network.
Elkins wanted to show organizations how easy it is for hackers to gain access to their entire IT network with a minimal budget. He warns that there are people far smarter than he is who can use these methods in a much more dangerous way. Add to it the fact that serious hackers might have more cash and resources at their disposal and the possibility that such spy chips might end up doing significant damage to corporations is significant.
Elkins’ spy chip hack comes a year after Bloomberg’s controversial report that suggested Chinese spies were implanting chips in Amazon and Apple servers. Apple did not take to the story kindly, with CEO Tim Cook flatly calling it a lie. Subsequent investigations into the subject by third party groups also sided with Apple. The fact that Bloomberg was not able to show even one motherboard that contained a spy chip made the claim unbelievable for most security experts.
However, Bloomberg has neither retracted its story nor admitted that some parts of it may be false. The story was awarded the ‘Most Over-hyped Bug’ prize as part of the Pwnie Awards, a series of awards given by the security community at the BlackHat USA conference. Though, if proven to be true, organizers agreed that the story would be one of the biggest computer security stories of the year or even the decade.