Changes in Hardware Security

We are seeing interesting changes in how researchers and attackers are exploring methods to undermine systems and devices.  Increasingly, focus is being aimed at the hardware.

Vulnerability and exploit research is accelerating across the board with better tools, greater funding, and improved methods.  As a result, more potential avenues of attack are being discovered and developed for hardware and the firmware which controls it.

Although hardware it is arguably the most difficult domain to find usable weaknesses to exploit, the rise of interest continues to be relentless.  The reason for this is simple.  It is about control.

As security is becoming more robust in software, attackers are looking in other areas for even more powerful means to control systems.  Hardware and firmware have a distinct advantages over software.

Modern computers are like a layered cake.  With data is at the top, resting on software, virtualized environments, operating systems, and at the foundation is the firmware and hardware.  The lower you can access in this technology stack, the more control you achieve over the system. 

There is an old adage in cybersecurity “physical access trumps all”.  It references the fact that if an attacker can get their hands on a computer and its components, they have an excellent chance of compromising the system.  It comes down to having access to the hardware and firmware.  With such control, attackers can mirror the system, install tools, swap out elements, copy raw data, and test the system in a variety of different ways.  Such fundamental control can undermine the core trust of the device.  In theory, being able to hack hardware remotely can give similar advantages to attackers.

Hardware attacks are incredibly difficult but ultimately very powerful if successful.  They have ability to bypass almost all security controls and detection capabilities rooted in software as well as remain persistent over time, resisting actions to evict and restore normal trust.  Most modern security resides in software.  Nowadays, applications and operating systems are the heavyweights and do most of the work to protect systems.  Off the shelf security software is really just an application with many having special hooks to bind closer with the operating system.  But they have limitations as they are reside in the same layer as most of the attacks.  Hardware and virtual environments residing underneath have greater understanding to what is occurring above and can significantly affect the visibility and capabilities of such protective software.

Controlling the hardware is a coveted advantage.  For this reason, researchers and attackers will continue to accelerate their investment in undermining hardware and devices.  It is difficult however.  It takes very particular expertise, patience, and time.  Many attackers lack such characteristics, but a growing community of professional researchers, academia, nation states, and organized criminals are willing to commit to the investment, driven by a variety of different motivations.  

In 2016 we will see more research, some vulnerabilities discovered, but largely hardware hacking will still remain outside the reach of most attackers.  Hardware and device hacking will become even more prevalent with the growth of IoT devices, sensors, appliances, and vehicles but will also occur across the traditional compute landscape of PC’s, networking equipment, and servers.

Hardware is the final frontier for those seeking to undermine security, and is the root of trust for those wishing to defend it.  This is a battle for a prize which we, in the security technology industry, will be talking about for years to come.

Interested in more?

• Hardware security and other topics will be discussed at the upcoming McAfee Labs: What’s in store? Cyber threats in 2016 and beyond live webcast on Jan 20th 2016.  Space is limited. Reserve your place today.
• The Intel Security McAfee Labs 2016 Threat Predictions white paper is now available.  Download your copy for free. 
• Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear more on what is going on in cybersecurity.