This 3D printed laser chip-hacking device uses a $20 laser pointer, costs $500 to build, and was developed so that 'people can do this in their homes'
Me? I spend my weekends going for long country walks. Ah who am I kidding, I want one.
Laser hacking. If there's one phrase that says we're already living in the future I imagined as a kid, it's laser hacking, or to give one method its more technical term, "laser fault injection". While laser-based hacking techniques aren't exactly new, you'd usually need advanced and expensive machinery to pull off such an advanced trick.
However, two hackers at the security firm NetSPI plan to present their open source, 3D printable solution, called the RayV Lite, at the Black Hat cybersecurity conference in Las Vegas later this week (via Wired). Costing just $500 to construct and using many off-the-shelf components, the duo hope that the device will bring laser hacking to the masses.
First, a primer: Modern chips use transistors that are incredible small. So small, in fact, that they're vulnerable to tiny variations in charge. Laser hacking devices using the laser fault injection method use a precisely targeted and timed laser blast (a sentence I always wanted to write) to knock electrons out of place and cause a glitch on the chip.
By identifying an exact time and place to focus the laser, hackers can potentially disrupt hardware security measures and gain access to all sorts of chip capabilities that would otherwise be under lock and (hardware) key.
Normally, you'd need some serious hardware and a whole lot of cash to achieve such an effect. However, Sam Beaumont and Larry "Patch" Trowell have designed a tool that uses a set of relatively cheap and widely available components, including a $20 laser pointer, a Raspberry Pi, and an open source 3D printed microscope design to achieve the same effect.
The creators hope to encourage hardware manufacturers to secure chips against laser hacking methods, after being told by clients that laser fault injection and similar methods of attack were too expensive to enact and thereby not a high priority to secure against. By creating a device that supposedly costs a mere $500 to build, they hope to show that such attacks are now capable of being enacted by DIYers and hobbyists.
"We're not discovering anything new, in the sense that other people have used lasers this way before" says Beaumont. "We're doing it at a lower cost, so that people can do this in their homes."
The biggest gaming news, reviews and hardware deals
Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.
In testing, one automotive chip glitched with a laser bypassed a security check that allowed the hackers to scan through its code to identify vulnerabilities. Cryptocurrency wallets protected by a PIN are vulnerable too, according to the researchers:
"You take the chip off the crypto wallet, hit it with a laser at the right time, and it will just assume you have the PIN. It just jumps through the instructions and gives the key back."
The first version of the tool will focus on laser fault injection, while a later version is planned to make use of a different method using laser logic state imaging. This more advanced technique uses a laser to monitor a chips architecture and activity to map out data as it's being processed, revealing vulnerabilities that can later be exploited.
Best gaming PC: The top pre-built machines.
Best gaming laptop: Great devices for mobile gaming.
While laser-based hacking methods seem like something that's come straight from the pages of science fiction novels, it seems like this tool has a good chance of enabling a new generation of hobbyists to start messing with the precious electrons flowing around our electronic devices.
While security is the primary concern here, having access to a relatively cheap tool that can target, disrupt, and reveal the inner workings of immensely complicated silicon will hopefully further the understanding of many. Either that, or your hardware crypto wallet just became a whole lot more vulnerable to the tyranny of lasers, rather than simply being prone to slipping down the back of the sofa—or given the volatility of the crypto market, an occasionally expensive paperweight.
Andy built his first gaming PC at the tender age of 12, when IDE cables were a thing and high resolution wasn't. After spending over 15 years in the production industry overseeing a variety of live and recorded projects, he started writing his own PC hardware blog in the hope that people might send him things. And they did! Now working as a hardware writer for PC Gamer, Andy's been jumping around the world attending product launches and trade shows, all the while reviewing every bit of PC hardware he can get his hands on. You name it, if it's interesting hardware he'll write words about it, with opinions and everything.