Demonstration of Hardware Trojans (Defcon 16)

Electronic devices such as mobile phones, laptops, music players have become an integral part of our daily life. Do we ever consider the possibility that these could be used to compromise our privacy and leak our deepest digital secrets? In this Defcon 16 talk titled "Demonstration of Hardware Trojans" University of Delaware professor Fouad Kaimilev and his graduate student Ryan Hoover demonstrate the triviality of building hardware trojans into devices during the design and fabrication process. These modifications can be cleverly done without changing the overall functionality of the device, thus making them virtually undetectable. In this talk they demonstrate 3 techniques a hardware trojan can use to leak information - thermal, optical and radio. Also, these trojans are activated only when a certain sequence of input is sent to the device, thus making them inert for most of the time.

This is a serious problem as most of the hardware for consumer electronics at least is imported from other countries. The only probably to secure the situation would be to have very strict security and quality checks during the design, fabrication and production steps. However, given the sheer number of such common devices out there and factoring this by the complexity of individual chips within it, this is probably practically impossible to enact in real life.

Overall, its a great talk. Good to see academia finally doing some interesting research. I am posting 2 videos - the first is a short one consisting of the demo of the trojan hardware in the lab, the second is the actual Defcon talk. The slides for the talk are available here. 

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net