this post was submitted on 04 Aug 2024
160 points (99.4% liked)

Technology

59756 readers
2146 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

… "The first of two versions of the RayV Lite will focus on laser fault injection (LFI). This technique uses a brief blast of light to interfere with the charges of a processor’s transistors, which could flip them from a 0 value to a 1 value or vice versa. Using LFI, Beaumont and Trowell have been able to pull off things like bypassing the security check in an automotive chip’s firmware or bypassing the PIN verification for a cryptocurrency hardware wallet.

The second version of the tool will be able to perform laser logic state imaging. This allows snooping on what’s happening inside a chip as it operates, potentially pulling out hints about the data and code it’s handling. Since this data could include sensitive secrets, LSI is another dangerous form of hacking that Beaumont and Trowell hope to raise awareness of." …

top 14 comments
sorted by: hot top controversial new old
[–] [email protected] 32 points 4 months ago (1 children)
[–] Chee_Koala 18 points 4 months ago (2 children)
[–] [email protected] 5 points 4 months ago

starts attacking the ground with an axe

Hack the planet!

[–] [email protected] 4 points 4 months ago

They’re trashing our rights! Trashing!

[–] solrize 12 points 4 months ago (2 children)

Security chips like smart card processors have safeguards against this sort of attack, fwiw. Regular chips are likely more vulnerable.

[–] A_A 5 points 4 months ago (2 children)

Safeguards against LSi may include :
Sensor-based detection ?
Error detection and correction ?
Redundancy and duplication ?
Shielding // physical + chemical protection ?
Anti-tamper mechanisms ?
Randomization and noise injection ?

[–] solrize 11 points 4 months ago

Chapter from "Security Engineering" (2nd ed) about physical tamper resistance:

https://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c16.pdf

It's been ages since I read it so idr how much of it was at chip level. Really high end stuff have the secure chips in a tamper reactive enclosure so it's difficult to get to them without first erasing the contents. The chapter discusses that ;).

[–] [email protected] -3 points 4 months ago (1 children)

Why the question marks, the answer is always yes.

[–] A_A 5 points 4 months ago

Because this is not my domain of expertise and I seek comments from other people.

[–] [email protected] 3 points 4 months ago (2 children)

I was gonna ask if things like YubiKeys or even security chips inside smartphones were vulnerable to these sort of attacks, but apparently not, thanks for the heads up.

[–] solrize 5 points 4 months ago

I don't think perfect invulnerability is possible: there are just higher and lower amounts of resistance, and of course there can be mistakes including in the protocols. The really high end stuff with tamper reactive packaging (e.g. used in banking) are usually installed in servers in secure data centers, with 24/7 CCTV coverage. So it would be very hard to mess with those things without at least being detected on the camera. The chips inside phones (Apple Secure Enclave, Google Titan) do receive a lot of attention to these issues.

Back around the 1990s there was sort of a technical arms race between set-top box manufactuers (the boxes authenticate to the networks with smart cards) vs cable TV pirates (they were willing to spend lots of money breaking cards, so they could sell illicit pirate cards to people). I think in the end, the card manufacturers "won" (made cards that the pirates couldn't beat), but I don't know if they have kept that advantage for all these years since then.

[–] A_A 3 points 4 months ago

i have doubts since, from the article, they were able to be : "bypassing the PIN verification for a cryptocurrency hardware wallet" ... so i am waiting and looking for more sources and confirmations.

[–] A_A 10 points 4 months ago* (last edited 4 months ago)

Edit → in header
... "The first of two versions of the RayV Lite will focus on laser fault injection (LFI). This technique uses a brief blast of light to interfere with the charges of a processor’s transistors, which could flip them from a 0 value to a 1 value or vice versa. Using LFI, Beaumont and Trowell have been able to pull off things like bypassing the security check in an automotive chip’s firmware or bypassing the PIN verification for a cryptocurrency hardware wallet.

The second version of the tool will be able to perform laser logic state imaging. This allows snooping on what’s happening inside a chip as it operates, potentially pulling out hints about the data and code it’s handling. Since this data could include sensitive secrets, LSI is another dangerous form of hacking that Beaumont and Trowell hope to raise awareness of." ...


Edit #2 : Can't find this laser fault injection (LFI) on Wikipedia

[–] [email protected] 2 points 4 months ago

Waiting for some MFer to use that shit to cheat it SM64 speedruns... or maybe a TASbot module. 🤔