Hardware Security Breaches: Alarming Exploits Beyond Tampering

Side Channel Attacks (SCAs) and Fault Injection Attacks have emerged as significant threats to the security of electronic devices. This paper explores these hardware attack vectors in the context of recent incidents [11] involving pagers and walkie-talkies. We shall deep dive into the possible mechanisms of these attacks, how they can be combined for increased efficacy, and their implications for device security.

Volume 9, Issue 9, September 2024 International Journal of Innovative Science and Research Technology

ISSN No:-2456-2165 https://doi.org/10.38124/ijisrt/IJISRT24SEP1231

Hardware Security Breaches: Alarming Exploits Beyond Tampering

Johnbasco Vijay Anand J
Cyber Security Head, NeST Digital Private Limited, Bangalore, 560 048

Abstract:- Side Channel Attacks (SCAs) and Fault Injection Attacks have emerged as significant threats to the security of electronic devices. This paper explores these hardware attack vectors in the context of recent incidents [11] involving pagers and walkie-talkies. We shall deep dive into the possible mechanisms of these attacks, how they can be combined for increased efficacy, and their implications for device security. This paper discusses only the possible ways [1] in which adversaries could have carried out such exploits, and also covers other attack vectors such as supply chain attacks. The aim of this paper, as we discuss the potential attack mechanisms, is solely to focus on mitigations and on raising the reader's awareness to perform advanced security testing.

I. INTRODUCTION

In today's interconnected world, communication devices like walkie-talkies, pagers and other critical systems have become essential tools for various sectors, ranging from public safety to private enterprise. However, the recent wave of unexplained failures in these devices has drawn attention to alarming security vulnerabilities at the hardware level. Traditionally considered more secure than their software counterparts, hardware components are now increasingly targeted by sophisticated attacks. These attacks not only exploit flaws in the physical construction of chips but also leverage side channels and fault injection techniques [3] to compromise the integrity and functionality of the device. As we've seen with recent incidents, the consequences can be catastrophic, causing widespread disruptions to vital communication networks.

One of the most concerning aspects of these hardware attacks is the growing prevalence of supply chain attacks, which compromise devices even before they reach the end user. By introducing malicious elements, such as hardware Trojans, during the design or manufacturing process, attackers can create backdoors that provide unauthorized access to sensitive systems. These malicious modifications [4] are often undetectable through standard testing procedures, allowing compromised devices to be deployed in critical environments. Once activated, these Trojans can disable security mechanisms, leak sensitive information, or render devices inoperative. The result is a compromised communication network [3] that is vulnerable to external exploitation, leading to large-scale failures.

When supply chain attacks are combined with techniques like Side Channel Attacks (SCAs) and Fault Injection Attacks, the risk multiplies. SCAs allow attackers to extract sensitive data by observing subtle physical characteristics of the device, such as power consumption or electromagnetic emissions. Meanwhile, fault injection techniques [2] manipulate the device's operation by introducing errors in voltage or timing, enabling attackers to bypass security features or corrupt data. These combined methods can be devastating, as attackers can gain full control of communication devices, creating far-reaching consequences for security, privacy and the integrity of entire systems.

In this paper, we focus on several recent attack vectors that have led to catastrophic consequences [11]. These attacks go beyond compromising the basic CIA triad of hardware systems; they pose direct threats to human life. Confidentiality is no longer just about protecting Personally Identifiable Information (PII); it's about ensuring that users maintain trust and confidence in the system, whether it's software or hardware. The true danger lies in eroding that confidence, making systems unsafe to use regardless of their design.

II. SIDE CHANNEL ATTACKS

SCAs exploit the indirect information emitted by electronic devices during operation. These attacks are generally non-invasive [5] and passive, requiring no physical tampering with the device. An SCA has two phases: the monitoring phase and the data analysis phase.

• Monitoring Phase
Attackers measure the device's physical characteristics under normal operation. This includes:

• Power Consumption Analysis: The attacker measures fluctuations in the device's power consumption, typically during cryptographic operations, to extract sensitive information like encryption keys.
• Electromagnetic Radiation Monitoring: The attacker records electromagnetic emissions produced by the device to infer patterns and reveal data being processed.
• Timing Information Analysis: The attacker monitors the time taken by the device to complete specific computations, identifying variations that can expose internal processes or secrets.


• Acoustic Signal Observation: The attacker listens to sounds emitted by the device, such as keystrokes, to deduce the data being entered or processed.
• Optical Emission Analysis: The attacker observes light signals, such as LED activity, to gather clues about the device's internal states or operations.
• Thermal Monitoring: The attacker monitors the heat output of the device, using temperature changes to infer operations or sensitive data being processed.

• Data Analysis Phase
The collected data is processed using statistical and mathematical techniques to extract sensitive information, such as cryptographic keys or proprietary algorithms.

III. FAULT INJECTION ATTACKS

Once attackers have gathered sufficient information through SCAs, they can launch a Fault Injection Attack [6] to induce abnormal behavior in the device. Fault Injection Attacks are hardware-based attacks that exploit vulnerabilities by deliberately introducing (injecting) errors [5] into a system's operation. They are particularly dangerous because they can bypass traditional security measures that protect against software-based threats. Faults of different types are injected into the hardware; a few of the techniques seen in recent times are listed below:

• Voltage Glitching
By suddenly altering the supply voltage—either increasing or decreasing it—attackers can create faults within the circuit. This abrupt change can cause the device to behave unpredictably, potentially granting access to privileged information or disrupting normal operations. To perform voltage glitching, a Faultier [12] device is connected to the target device and the glitch is applied as shown in Fig – A. It is also observed that,

where P is the dynamic power required to charge and discharge capacitors in a system, V is the voltage and f is the frequency of the operation.

When logical values change from 0 to 1 or vice versa, it results in higher power consumption compared to when the logical value remains constant. The leakage current of a logical device is also related to the input value to that device.

[Fig 1: Faultier Voltage Glitching Device Connected to a Tagging Device where the Voltage Glitch is Aimed.]

• Clock Glitching
Manipulating the clock signal that synchronizes the operations of a device can introduce errors during critical processes like encryption. This can weaken cryptographic defenses, allowing attackers to extract sensitive data.

• Data Corruption and Manipulation
Attacks targeting the data used by software, such as user inputs, hard-coded values, or configuration settings, can alter the program's behavior. This can lead to unauthorized actions or the exposure of confidential information.

• Electromagnetic (EM) Glitching
EM glitching uses electromagnetic fields [3] to induce faults non-invasively. Attackers can disrupt a device's operation without physical contact, making this method stealthy and effective.

• Laser Fault Injection
By directing a laser at specific points on a chip, attackers can influence signal timing and flip bits in memory components like SRAMs. This precise method [7] allows for targeted manipulation of a device's internal processes.

With any of the above fault injection techniques, the attackers could glitch at precise moments, causing the device to malfunction. This might lead to:

• Corrupting memory or registers: attackers can flip bits in memory or registers, potentially altering critical instructions or data, which could cause the device to bypass security checks or expose sensitive information.
• Device crash: potentially resetting the system or allowing attackers to execute arbitrary code.
• Bypassing authentication or encryption: by manipulating cryptographic operations, attackers could bypass authentication mechanisms or even extract cryptographic keys directly.
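The register-corruption outcome listed above (a flipped bit that makes the device skip a security check) is easiest to reason about in firmware. The C program below is added here as an illustration and is not taken from the paper or from any vendor's code: it contrasts a naive boolean gate with a hardened one that stores the flag as one of two complementary 16-bit markers and treats any other value as a suspected fault. The marker values, the function names and the single-bit fault sweep are all constructed for this example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed example, not from the paper or any vendor: a firmware gate that
 * releases a privileged operation only when a "verified" flag is set, plus a
 * simulation of the single-bit register corruption the text lists as a
 * fault-injection outcome. */

/* Naive representation: 0 = not verified, anything else = verified. One flipped
 * bit in the register turns "not verified" into "verified". */
static bool naive_gate(uint16_t flag) {
    return flag != 0;
}

/* Hardened representation: two markers that differ in every bit (the second is
 * the complement of the first), so no single-bit fault can turn one into the
 * other; any value that is neither marker is treated as a suspected fault. */
#define VERIFIED_MARK   0xA5C3u
#define UNVERIFIED_MARK 0x5A3Cu   /* == (uint16_t)~VERIFIED_MARK */

typedef enum { GATE_DENY = 0, GATE_ALLOW = 1, GATE_FAULT = 2 } gate_result;

static gate_result hardened_gate(uint16_t flag) {
    volatile uint16_t f = flag;  /* volatile: the compiler may not merge the reads */
    if (f == VERIFIED_MARK) {
        /* redundant second comparison on a fresh read, so a glitch that
         * corrupts one comparison does not open the gate on its own */
        if ((uint16_t)~f == UNVERIFIED_MARK) return GATE_ALLOW;
        return GATE_FAULT;
    }
    if (f == UNVERIFIED_MARK) return GATE_DENY;
    return GATE_FAULT;           /* corrupted flag: refuse and log, never allow */
}

/* Apply every single-bit corruption to the "not verified" state and count how
 * many of them each gate would wrongly let through. */
static int naive_bypasses(void) {
    int n = 0;
    for (int b = 0; b < 16; b++)
        if (naive_gate((uint16_t)(1u << b))) n++;
    return n;
}

static int hardened_bypasses(void) {
    int n = 0;
    for (int b = 0; b < 16; b++)
        if (hardened_gate((uint16_t)(UNVERIFIED_MARK ^ (1u << b))) == GATE_ALLOW) n++;
    return n;
}

/* Same sweep, counting corruptions the hardened gate surfaces as faults (every
 * one of them: each flip lands on a value that is neither marker). */
static int hardened_fault_reports(void) {
    int n = 0;
    for (int b = 0; b < 16; b++)
        if (hardened_gate((uint16_t)(UNVERIFIED_MARK ^ (1u << b))) == GATE_FAULT) n++;
    return n;
}

int main(void) {
    printf("naive gate bypassed by %d of 16 single-bit faults\n", naive_bypasses());
    printf("hardened gate bypassed by %d of 16, %d reported as faults\n",
           hardened_bypasses(), hardened_fault_reports());
    return 0;
}
```

The fault state is the useful part for a defender: a device that reports GATE_FAULT rather than quietly denying gives runtime monitoring something to count.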


IV. SUPPLY CHAIN ATTACKS

Supply chain attacks pose a significant threat to hardware security by compromising devices before they reach end users. In this type of attack, malicious actors tamper with hardware components during manufacturing, distribution or assembly. This can start as early as the hardware design stage [8], by introducing backdoors at the digital logic design level, or involve inserting hardware Trojans, backdoors or faulty components into devices like communication systems, enabling attackers to exploit vulnerabilities once deployed. These attacks are particularly dangerous because they are often undetectable by standard testing methods, making the affected hardware unreliable and insecure, potentially leading to breaches in the CIA triad (Confidentiality, Integrity, Availability) while the OEM may still regard the vulnerable parts as trusted ICs [9].

In the recent Middle East case (the Lebanon communication device explosions) [11], though the investigations are ongoing, supply chain compromises may have been used to embed malicious modifications that allow attackers to control, monitor or even sabotage devices, highlighting the need for rigorous hardware security measures throughout the product lifecycle.

V. COMBINING DIFFERENT ATTACK VECTORS

The catastrophic effect of a combined security attack [11] involving SCA, Fault Injection and Supply Chain attacks is best explained with the case study below.

The following analysis presents some of the possible attack scenarios based on theoretical data points and technical research. It is important to note that these are hypothetical examples and do not reference any specific real-world incidents. This discussion is intended for educational purposes only and should not be construed as a description of actual events.

• Case Study: A Hypothetical Analysis of Potential Attack Vectors in the Lebanon Communication Devices Explosion
The recent explosion [11] of communication devices, such as pagers and walkie-talkies in Lebanon, raises critical concerns regarding potential security vulnerabilities in hardware design. While investigations are still ongoing, various attack vectors, including Side Channel Attacks (SCAs), Fault Injection Attacks and Supply Chain Compromises [4], could hypothetically have contributed to such an event. This case study explores possible scenarios, focusing on how these attack techniques might have been utilized, while acknowledging that this is a theoretical exploration based on available technical data.

• Possible Side Channel Attack (SCA):
One potential vector could involve Power Analysis to extract sensitive operational data from communication devices. Attackers could have monitored power consumption patterns in the pagers to identify key operations or trigger an unexpected device response. By exploiting power consumption fluctuations during specific computations, attackers might have used this information to manipulate the devices remotely or bypass security mechanisms. In a real-world scenario, SCAs could act as reconnaissance tools to further exploit vulnerabilities, such as triggering hidden backdoors or malicious functions embedded within the device.

• Potential Fault Injection Attack:
A plausible Fault Injection Attack technique that might have been employed is Voltage Glitching. By rapidly altering the voltage supply to the communication devices, attackers could have caused the pagers and walkie-talkies to malfunction, potentially triggering an explosive event. Such attacks could induce errors in the device's processing system, leading to system instability or bypassing security controls. In this hypothetical case, the sudden detonation of multiple devices may point to a coordinated fault injection, possibly combined with prior reconnaissance through SCA, to trigger the explosion at a precise time.

• Supply Chain Compromise Hypothesis:
Another critical vector that could have played a role is a Supply Chain Attack. During the manufacturing or distribution phase, malicious actors might have compromised the hardware components, embedding hardware Trojans [9] or integrating explosive materials into the design. This hypothetical supply chain infiltration could have resulted in pagers and walkie-talkies being fitted with modified batteries or chips that contained hidden triggers or remote-controlled explosives. The use of such a Trojan could explain how these devices were manipulated post-distribution, allowing attackers to remotely activate the malicious functions at a specific time.

• Case Study Conclusion:
This theoretical case study demonstrates how multiple attack vectors could potentially be combined to exploit vulnerabilities in communication devices. Side Channel Attacks could gather essential information, Fault Injection Attacks might trigger system malfunctions and Supply Chain Compromises [8] could introduce pre-existing vulnerabilities that remain hidden until remotely activated. It is crucial to recognize that this analysis is based on hypothetical scenarios and does not suggest definitive conclusions about the recent incidents, which are still under investigation. The intent here is to provide insight into possible attack strategies and their implications for hardware security.

• Disclaimer:
The above analysis presents potential ways these attacks could occur and is not a definitive account of real-world events. This article is speculative and intended solely for educational purposes.
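The power side channel the case study treats as attacker reconnaissance is also the defender's screening tool for a supply chain Trojan: the golden-chip comparison that Section VI describes under test-time approaches. The C program below is added as an illustration and is not taken from the paper; it synthesises per-cycle power from register switching activity (the 0-to-1 and 1-to-0 transitions the text singles out), builds a per-cycle mean and variance from known-good chips, and flags a device under test whose trace deviates beyond a z-score threshold. The workload, noise model, Trojan load, 6-sigma threshold and variance floor are all constructed assumptions, and the last run shows the false alarm the text warns about: a clean chip with 15% higher process gain is flagged too.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
/* Constructed example, not from the paper: a golden-chip power side-channel
 * screen for hardware Trojans. Per-cycle power = quiescent term + one unit per
 * register bit that toggles; the unit stands in for C*V^2*f (scale assumed 1.0). */

#define CYCLES       8
#define GOLDEN_CHIPS 16
#define NOISE_AMPL   0.3            /* measurement noise, uniform in [-0.3, 0.3) (assumed) */
#define VAR_FLOOR    (0.15 * 0.15)  /* instrument noise floor for per-cycle variance (assumed) */
#define Z_THRESHOLD  6.0            /* flag when any cycle deviates by more than 6 sigma (assumed) */

/* Constructed register workload, replayed identically on every chip so traces align. */
static const uint16_t workload[CYCLES + 1] =
    { 0x0000, 0xFFFF, 0x00FF, 0x0F0F, 0x3333, 0x5555, 0x8001, 0x0000, 0xA5C3 };

static int toggles(uint16_t before, uint16_t after) {  /* Hamming distance = bits toggled */
    int n = 0;
    for (uint16_t x = before ^ after; x; x &= (uint16_t)(x - 1)) n++;
    return n;
}

static double noise(uint32_t *state) {   /* small deterministic LCG, reproducible offline */
    *state = *state * 1664525u + 1013904223u;
    return ((*state >> 8) / 16777216.0 * 2.0 - 1.0) * NOISE_AMPL;
}

/* One trace: gain models fabrication variation (1.0 = nominal), extra models the
 * additional switching of inserted Trojan logic (0 = clean chip). */
static void synth_trace(double out[CYCLES], double gain, double extra, uint32_t *rng) {
    for (int c = 0; c < CYCLES; c++) {
        double p = 2.0 + toggles(workload[c], workload[c + 1]) + extra;  /* quiescent + dynamic */
        out[c] = gain * p + noise(rng);
    }
}

/* Golden model = per-cycle mean and variance over known-good chips; returns the
 * device-under-test's worst squared z-score across all cycles. */
static double max_z_squared(const double dut[CYCLES], uint32_t seed) {
    double golden[GOLDEN_CHIPS][CYCLES];
    uint32_t rng = seed;
    for (int g = 0; g < GOLDEN_CHIPS; g++) synth_trace(golden[g], 1.0, 0.0, &rng);
    double worst = 0.0;
    for (int c = 0; c < CYCLES; c++) {
        double mean = 0.0, var = 0.0;
        for (int g = 0; g < GOLDEN_CHIPS; g++) mean += golden[g][c];
        mean /= GOLDEN_CHIPS;
        for (int g = 0; g < GOLDEN_CHIPS; g++) var += (golden[g][c] - mean) * (golden[g][c] - mean);
        var /= GOLDEN_CHIPS - 1;
        if (var < VAR_FLOOR) var = VAR_FLOOR;   /* never trust a tiny sample variance */
        double d = dut[c] - mean;
        if (d * d / var > worst) worst = d * d / var;
    }
    return worst;
}

static bool flagged(double gain, double extra) {  /* true: pull the chip for follow-up */
    double dut[CYCLES];
    uint32_t rng = 0xC0FFEEu;
    synth_trace(dut, gain, extra, &rng);
    return max_z_squared(dut, 0x5EEDu) > Z_THRESHOLD * Z_THRESHOLD;
}

int main(void) {   /* nominal clean chip, Trojan (+3 toggles/cycle), clean chip with +15% gain */
    printf("clean: %d  trojan: %d  +15%% process gain: %d (false alarm)\n",
           flagged(1.0, 0.0), flagged(1.0, 3.0), flagged(1.15, 0.0));
    return 0;
}
```

A production flow would calibrate out per-chip gain (for instance by normalising against a stretch of known-idle cycles) before scoring, which is the noise and process-variation handling the text says these methods need.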


VI. INEVITABLE HARDWARE SECURITY TESTING

The complexity of modern hardware demands robust testing methodologies to ensure system security, especially against threats such as Hardware Trojans. Testing is critical because attackers can exploit vulnerabilities that standard checks might overlook.

Test-time approaches focus on running test patterns to identify anomalies in system behavior. However, covering all potential vectors is impractical due to the sheer number of test vectors required for large circuits. To mitigate this, random test-based methods have emerged, but these are not foolproof, as rare test vectors might fail to activate hidden hardware Trojans [7]. A complementary strategy involves side channel analysis (SCA), where power consumption, timing delays and electromagnetic (EM) emissions are monitored during system execution to detect irregularities. For example, power side channel analysis measures supply current at both quiescent and transient stages to spot variations. Although effective, these methods are sensitive to noise and fabrication variations, leading to potential false alarms.

In addition to test-time approaches, runtime monitoring is a critical layer of protection. By continuously observing system behavior in real time, this approach can catch Trojans missed by initial testing. While runtime monitoring enhances detection, it does come with trade-offs, as it requires dedicated resources and may introduce performance overhead.

Beyond traditional methods, innovations like Trusted Platform Modules (TPMs), Physical Unclonable Functions (PUFs) and watermarking provide hardware-based security features. TPMs ensure cryptographic keys are securely generated and stored, enhancing authentication mechanisms [6]. Meanwhile, PUFs leverage the unique physical characteristics of individual components to generate unclonable identifiers, adding another layer of security against cloning and tampering.

Testing is also vital in securing FPGA-based systems, which are increasingly used for flexible cryptographic implementations. These systems are susceptible to both software and hardware attacks, including side channel exploits and Trojan insertions. Effective testing in FPGAs requires a combination of secure design practices and robust testing to mitigate vulnerabilities. The role of hardware testing [8] extends beyond detection—it is foundational in ensuring that devices perform securely and reliably in the real world, making it a crucial element in building trusted systems.

Thus, hardware testing is inevitable in safeguarding devices from the ever-evolving landscape of hardware-based threats. The combination of test-time approaches, runtime monitoring and secure design practices must be integrated to create a comprehensive defense strategy.

VII. CONCLUSION

As our reliance on communication devices grows, so does the urgency of securing the hardware that powers them. This paper explored possible attack vectors like SCAs, Fault Injection and Supply Chain attacks—highlighting how each could compromise critical systems. The potential for these attacks to cause widespread damage underscores the need for proactive hardware security. By adopting comprehensive testing approaches [8], such as side channel analysis, runtime monitoring and leveraging technologies like TPMs and PUFs [5], we can ensure that the integrity, confidentiality and availability of devices are maintained.

As we are increasingly dependent on secure communication, hardware security is no longer optional; it is vital to maintaining trust in technology. We must prioritize hardware security as an essential part of overall system protection, addressing vulnerabilities before they lead to real-world consequences. The path forward demands rigorous, continuous testing and innovation to defend against evolving threats, ensuring that the devices we depend on remain safe and reliable.

• Author Profile
Johnbasco Vijay Anand is an advisory cyber security architect at NeST Digital Private Limited and he heads the cyber security competency. He is also a part-time Ph.D. scholar in the area of Quantum Key Distribution. He holds dual master's degrees in Physics and Computer Application. His areas of interest include Hardware Security, Quantum Fault injection analysis and Quantum-Resistant Hardware, and he is also interested in advanced research in cyber security hardening using Quantum Computing and Artificial Intelligence.

REFERENCES

[1] "The Hardware Security Threat Landscape and Possible Countermeasures: A Survey," ACM Computing Surveys (CSUR), vol. 53, no. 6, 2020.
[2] M. Tehranipoor and F. Koushanfar, "Trustworthy Hardware: Trojan Detection and Prevention Methods in Supply Chain," IEEE Design & Test of Computers, vol. 27, no. 1, pp. 10-25, 2010.
[3] J. Rajendran et al., "Hardware Trojans: Threats and Emerging Solutions," Proc. IEEE, vol. 102, no. 8, pp. 1229-1247, 2014.
[4] G. T. Becker, F. Regazzoni, C. Paar, and W. Burleson, "Stealthy Dopant-Level Hardware Trojans: Extended Version," IEEE Trans. on CAD of Integrated Circuits and Systems, vol. 33, no. 12, pp. 1778-1791, Dec. 2014.
[5] P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis," in Proc. Advances in Cryptology (CRYPTO), pp. 388-397, 1999.


[6] Y. Jin and D. Sullivan, "Hardware Security: Threat Models and Security Requirements," in IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2016.
[7] M. Potkonjak et al., "Hardware Trojan Design and Implementation Challenges," in IEEE Int. Conf. on Computer Design (ICCD), 2011.
[8] D. Mukhopadhyay, R. S. Chakraborty, and C. Paar, "Hardware Security: Design, Threats, and Safeguards," IEEE Computer Society, 2013.
[9] T. Xu, W. Burleson, and D. Holcomb, "Using Environmental Noise as a Source of Entropy for Purely Digital True Random Number Generators," IEEE Trans. on Computers, vol. 62, no. 8, pp. 1524-1537, 2013.
[10] M. T. Rahman and M. Tehranipoor, "A Comprehensive Survey of Defense Mechanisms against Hardware Trojan Attacks," IEEE Trans. on Design and Test, vol. 30, no. 1, pp. 26-45, Jan. 2013.
[11] https://en.wikipedia.org/wiki/2024_Lebanon_pager_explosions
[12] https://www.hextree.io/
