“Inside the Lab Where Intel Tries to Hack Its Own Chips”
WIRED, February 23, 2022
Security
By Lily Hay Newman
“Researchers at iSTARE have to think like the bad guys, finding critical flaws before processors go to production.”
“Evil maid” attacks are a classic cybersecurity problem. Leave a computer unattended in a hotel and an attacker dressed as an employee could enter your room, plant malware on your laptop, and slip out without leaving a trace. Allowing physical access to a device is often game over. But if you’re building processors that end up in millions of devices around the world, you can’t afford to give up so easily.
That’s why five years ago Intel launched a dedicated hardware hacking group known as Intel Security Threat Analysis and Reverse Engineering. About 20 iSTARE researchers now work in specially equipped labs in the northern Israeli city of Haifa and in the US. There, they analyze and attack Intel’s future generations of chips, looking for soft spots that can be hardened long before they reach your PC or MRI machine.
“People don’t always quite understand all the security implications and may feel like physical attacks aren’t as relevant,” says Steve Brown, a principal engineer in Intel’s product assurance and security department. “But this is a proactive approach. The earlier you can intercept all of this in the life cycle the better.”
When hackers exploit vulnerabilities to steal data or plant malware, they usually take advantage of software flaws, mistakes, or logical inconsistencies in how code is written. In contrast, hardware hackers rely on physical actions; iSTARE researchers crack open computer cases, physically solder new circuits on a motherboard, deliver strategic electromagnetic pulses to alter behavior as electrons flow through a processor, and measure whether physical traits like heat emissions or vibrations incidentally leak information about what a device is doing.
Think about the security line at the airport. If you don’t have ID, you could work within the system and try to sweet-talk the TSA agent checking credentials, hoping to manipulate them into letting you through. But you might instead take a physical approach, finding an overlooked side entrance that lets you bypass the ID check entirely. When it comes to early schematics and prototypes of new Intel chips, iSTARE is trying to proactively block any routes that circumnavigators could attempt to use.
About the Author:
Lily Hay Newman is a senior writer at WIRED focused on information security, digital privacy, and hacking. She previously worked as a technology reporter at Slate magazine and was the staff writer for Future Tense, a publication and project of Slate, the New America Foundation, and Arizona State University. Additionally her work has appeared in Gizmodo, Fast Company, IEEE Spectrum, and Popular Mechanics. She lives in New York City.
