![](\"https:\/\/media.wired.com\/photos\/6210435398c5aa9edfd4d752\/master\/pass\/Security-Intel-Hacking-Lab_SHO1107.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Lily Hay Newman| Date: Wed, 23 Feb 2022 12:00:00 +0000<\/strong><\/p>\n Lily Hay Newman<\/a><\/span><\/span><\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n "Evil maid" attacks<\/span> are a classic cybersecurity problem<\/a>. Leave a computer unattended in a hotel and an attacker dressed as an employee could enter your room, plant malware on your laptop, and slip out without leaving a trace. Allowing physical access<\/a> to a device<\/a> is often game over. But if you're building processors that end up in millions of devices around the world, you can't afford to give up so easily.<\/p>\n That's why five years ago Intel launched a dedicated hardware hacking group known as Intel Security Threat Analysis and Reverse Engineering. About 20 iSTARE researchers now work in specially equipped labs in the northern Israeli city of Haifa and in the US. There, they analyze and attack Intel's future generations of chips, looking for soft spots that can be hardened long before they reach your PC or MRI machine.<\/p>\n \u201cPeople don\u2019t always quite understand all the security implications and may feel like physical attacks aren\u2019t as relevant,\u201d says Steve Brown, a principal engineer in Intel's product assurance and security department. \u201cBut this is a proactive approach. The earlier you can intercept all of this in the life cycle the better.\u201d<\/p>\n When hackers exploit vulnerabilities to steal data or plant malware, they usually take advantage of software flaws, mistakes, or logical inconsistencies in how code is written. In contrast, hardware hackers rely on physical actions; iSTARE researchers crack open computer cases, physically solder new circuits on a motherboard, deliver strategic electromagnetic pulses<\/a> to alter behavior as electrons flow through a processor, and measure whether physical traits like heat emissions or vibrations incidentally leak information<\/a> about what a device is doing.<\/p>\n \u201cIt\u2019s about the fun of breaking things.\u201d\u00a0<\/p>\n Uri Bear, iStare<\/p>\n Think about the security line at the airport. If you don't have ID, you could work within the system and try to sweet-talk the TSA agent checking credentials, hoping to manipulate them into letting you through. But you might instead take a physical approach, finding an overlooked side entrance that lets you bypass the ID check entirely. When it comes to early schematics and prototypes of new Intel chips, iSTARE is trying to proactively block any routes that circumnavigators could attempt to use.<\/p>\n \u201cWe basically emulate the hacker, figuring out what would they want to get out of an attack,\u201d says Uri Bear, iSTARE's group manager and a senior security analyst for Intel's product assurance and security department. \u201cWe\u2019re not tasked with just finding security vulnerabilities, we\u2019re also tasked with developing the next generation of attacks and defenses and making sure we are ready for the next thing that will come. We fix things ahead of time, before they\u2019re in the market.\u201d<\/p>\n The mind-bending thing about hardware hacking is that software can also play a role. For example, physics-based \u201cRowhammer\u201d attacks<\/a> famously use little software programs running over and over again to cause a leak of electricity<\/a> in a computer's memory. That strategic glitch physically alters data in such a way that hackers can gain more access to the system. It\u2019s an example of the type of paradigm shift<\/a> that iSTARE researchers are trying to presage<\/a>.<\/p>\n \u201cIt\u2019s about the fun of breaking things,\u201d Bear says, \u201cfinding ways to use hardware that was either blocked or that it was not designed for and trying to come up with new usages. If there were no hackers, everything would be stale and just good enough. Hackers challenge the current technology and force designers to make things better.\u201d<\/p>\n Working in cramped labs stuffed with specialized equipment, iSTARE vets schematics and other early design materials. But ultimately the group is at its most effective when it reverse engineers, or works backward from, the finished product. The goal is to probe the chip for weaknesses under the same conditions an attacker would\u2014albeit with prototypes or even virtualized renderings\u2014using tools like electron microscopes to peer inside the processor's inner workings. And while iSTARE has access to top-of-the-line analysis equipment that most digital scammers and criminal hackers wouldn't, Bear emphasizes that the cost of many advanced analysis tools has come down and that motivated attackers, particularly state-backed actors, can get their hands on whatever they need.<\/p>\n iSTARE operates as a consulting group within Intel. The company encourages its design, architecture, and development teams to request audits and reviews from iSTARE early in the creation process so there's actually time to make changes based on any findings. Isaura Gaeta, vice president of security research for Intel\u2019s product assurance and security engineering department, notes that in fact iSTARE often has more requests than it can handle. So part of Gaeta and Brown's work is to communicate generalizable findings and best practices as they emerge to the different divisions and development groups within Intel.<\/p>\n Beyond Rowhammer, chipmakers across the industry have faced other recent setbacks in the security of core conceptual designs. Beginning in 2016, for example, Intel and other manufacturers began grappling with unforeseen security weaknesses<\/a> of \u201cspeculative execution.\u201d It\u2019s a speed and efficiency strategy in which processors would essentially make educated guesses about what users might ask them to do next and then work ahead so the task would already be in progress or complete if needed. Research<\/a> exploded<\/a> into attacks that could grab troves of data from this process, even in the most secure chips<\/a>, and companies like Intel<\/a> struggled to release adequate fixes on the fly. Ultimately, chips needed to be fundamentally rearchitected to address the risk.<\/p>\n Around the same time that researchers would have disclosed their initial speculative execution attack findings to Intel, the company formed iSTARE as a reorganization of other existing hardware security assessment groups within the company. In general, chipmakers across the industry have had to substantially overhaul their auditing processes, vulnerability disclosure programs, and funding of both internal and external security research in response to the Spectre and Meltdown speculative execution revelations<\/a>.<\/p>\n \u201cA few years back, maybe a decade back, the vendors were much more reluctant to see that hardware, just like software, will contain bugs and try to make sure that these bugs are not in the product that the customers then use,\u201d says Daniel Gruss, a researcher at Graz University of Technology in Austria.<\/p>\n