Security is paramount in modern life especially with the nature of data that is commonly transmitted over the internet. Debit cards, passwords, bank accounts, and personal information are all regularly sent, which is why encryption was established fairly quickly after hackers began exploiting the lack of security. Despite security teams and companies doing their best to fight against hackers and malicious computer users, the attackers still find methods around security.
It has become such a problem that the Russian agencies are going back to typewriters as to prevent information leak and theft. While it may sound old-fashioned or silly, the fact is that the use of hard copies really does prevent cyber attacks. This use of typewriters is similar to why many people do not keep a file on their computer with all their pin numbers and passwords. While it is not advised, keeping passwords on hard copy (a note, for example), is much safer than keeping them on a computer (remember, the note requires physical access).
Many people believe that hackers can only get to confidential information through the use of software and the internet. However, there are many other ways that hackers can obtain data with one method involving actual theft of the device. If you have password protection on your laptop or computer then surely you are safe? Well, this is not the case for a multitude of reasons. Here is one way your hardware can shoot you in the foot (in terms of security):
RAM in Sleep Mode
During a wake from sleep, the OS will request a password to log back on to a user. However, programs that where running or data that was stored in RAM is still in RAM. For example, imagine a login to a website on a browser or an encrypted file that was open. If they where in RAM when the computer enters sleep then they are still in RAM when the computer wakes up. Therefore, if the hacker can access the data bus directly to RAM they can access the data using a DMA attack (Direct Memory Access).
RAM Content Dissipation
We all know how RAM in modern devices is dynamic which requires frequent refreshing to retain the contents in memory. Once the power is disconnected or the RAM refresh cycles are stopped, the information in RAM is lost. But what if I told you that were not entirely the case? Firstly, if the computer is forced to restart without a power down cycle, the computer will boot as normal but the contents of RAM can still be the same. If the hacker inserts their own boot disk they could very easily have access to all RAM locations. At that point, a simple program could copy the contents onto an external hard drive which puts all the confidential information held in RAM onto permanent storage that does not need a password to be accessed.
Remember how manufacturers and retailers always tell you to keep software up-to-date? Well, the same applies to BIOS code and firmware on hardware. Bugs in BIOS can give programs unprecedented access to RAM contents while bugs in wake-sleep cycles can result in RAM content theft by hackers. One bug in particular that is a cause for concern is to do with the silicon itself. As transistors have become smaller, the physical distance between adjacent RAM cells has become much smaller which has lead to neighbor cells affecting each other. In other words, a bit in memory can actually be flipped by constantly accessing the bits around that memory location. The reverse is also true; a program that places confidential information in a memory location can alter the memory locations around that point. Hackers can read adjacent unprotected cells to determine the actual value of the memory location as seen in this paper by Intel Labs (PDF).
So how can we combat this problem? Some solutions do exist such as Microsoft BitLocker software, but they are either slow or cannot provide the full amount of security needed to protect RAM contents. However, researchers from Concordia University (Canada) may have a solution.
Researchers Lianying Zhao and Mohammad Mannan have written a paper on a piece of software (opens .pdf) they have created called Hypnoguard which protects RAM when a computer enters sleep mode. The software encrypts the entire contents of RAM before entering sleep mode and upon wake up enters an environment-bound, password-based process. The software relies on an external co-processor called a Trust Platform Module (TPM) which is common in most modern laptops (making the hardware requirements minimal). The key needed to decrypt the RAM contents is held in the Trust Platform Module which requires a password entered by the user to unlock. If too many failed attempts are made, the software proceeds to wipe the contents of RAM. A brute-force attack against the encrypted data would produce no result as such an attack is similar to a brute-force attack against a high-entropy key, thanks to the TPM protection. To give numbers on the time needed to crack modern encryption, the fastest supercomputers on the planet could crack a 128-bit AES key in 1 billion billion years
The software itself not only protects RAM but it takes a very short amount of time to actually perform the encryption. As stated in their research paper (PDF), Hypnoguard can encrypt 8GB of RAM in one second on a computer with a i7-4771 CPU by taking advantage of multi-core processing and AES-NI. The Hypnoguard itself is not dependent on an OS or run-time environment which provides a security level that is deeper that the OS itself, thus protecting the RAM from OS bugs.
A TPM co-processor for security.
But sleep-mode related RAM vulnerabilities is only one set of weaknesses that can be exploited by malicious individuals. Fortunately, new advances are providing a realm of solutions for testing for and preventing exploiting other vulnerabilites in hardware.
Minding the Gap
On February 2nd, 2017 it was announced that Rapid7, Inc. has introduced new capabilities for hardware application of the Metasploit Framework. The open source software is the world’s “most-used penetration testing software” and tests for security weaknesses, targeting those that allow unauthorized access to system features and data.
The Metasploit Framework previously relied on an Ethernet network; however, this new development integrates raw network and direct hardware manipulation. With the Internet of Things universe continuing to expand at a rapid rate, bridging the gap between software and hardware vulnerability testing is a crucial development. In addition to IoT testing, security teams can now test Industrial Control Systems and Software Defined Radio, without having to take time away from development to create custom tools for this, as was previously required. Currently, the innovation is being targeted towards automotive capabilities, addressing a major security risk in smart car development. However developers are not stopping there, with new hardware applications being promised in the coming year.
A world that is becoming ever more dependent on computers and the internet is a world of higher productivity and instant communication. However, if security is not taken more seriously, we will become more vulnerable to attack. Considering the number of times that information is leaked from governments and the number of devices stolen (1000 misplaced government devices, for example), advancements like these serve to not only satisfy intellectual curiosity but also the greater good in new, tangible ways.