SurveillanceIntelligence agencies spy on our data by manipulating computer chips
Researchers work to develop mechanisms that will render the Internet of Things more secure. They focus on a specific security gap: the manipulation of computer chips, that is, hardware components. These components can be found not only in PCs and laptops, but also in all other devices with integrated electronics; those include credit cards, cars, and smartphones, as well as large industrial facilities and medical equipment.
Integrating Trojans in computer chips is a time consuming and at the same time highly sophisticated attack method. They are almost impossible to detect – an advantage that intelligence agencies would love to exploit.
Christof Paar has made it: the Head of the Chair for Embedded Security at Ruhr-Universität Bochum (RUB) received one of the highly contested Advanced European Research Council Grants (ERC) in 2016. Merely a few applicants have been successful, because the funding is awarded only to those who conduct groundbreaking pioneering research at the highest international level.
The fact that he received the ERC Advanced award demonstrates the significance of the proposed research: Paar intends to develop mechanisms that will render the Internet of Things more secure. RUB says that he focuses on a specific security gap: the manipulation of computer chips, that is, hardware components. These components can be found not only in PCs and laptops, but also in all other devices with integrated electronics; those include credit cards, cars, and smartphones, as well as large industrial facilities and medical equipment.
Attackers may potentially manipulate those chips in such a way that the encryption algorithms running on them can be disabled or private date can be leaked. In the same way, functions can be reprogrammed via manipulated hardware, or an attacker can gain control over devices and systems. This can be as perilous in cars as in drones.
Unlike traditional software Trojans that can, for example, infiltrate a system via malicious email attachments, hardware Trojans are security vulnerabilities which could either be integrated in the devices by the manufacturers from the outset, or which could be included during chip manufacturing. The alarming fact is that more than 90 percent of all hardware chips designed in Germany are manufactured in Asia.
Why should manufacturers or chip manufactures be motivated to introduce Trojans? Paar has a theory: “Governments all over the world might be deeply interested in hardware Trojans. Ever since Edward Snowden published his whistleblower reports, we have been aware that intelligence agencies invest a lot of time and money into disabling security systems using a host of methods.” Often, companies find it difficult to say no to intelligence agencies, even though they take a great risk: should it become known that they have been betraying their customers by introducing Trojans, they lose their clients’ trust. This happened to “Crypto AG” in the 1980s. The Swiss company manufactured encryption devices for
