Posted on 05/15/2003 4:25:18 AM PDT by chance33_98
Latest hacking tool is a light
Novel way to break security systems
By Staff at the Newsdesk: Thursday 15 May 2003, 09:08
SECURITY ON even the most carefully built systems can be breached using a light according to Sudhakar Govindavajhala, a Princeton University student. A report on News.com states that he has managed to break into supposedly secure systems using the most novel of techniques: using a light.
Breaking into the systems requires physical access, how else would you shine a light on the system? The technique is fairly simple though not guaranteed to work every time. One of the ability of energy to cause bits to flip. Shine a powerful light on a RAM chip for long enough and bits will start to change.
Flipping bits isn't going to do anything more than crash a system so Govindavajhala has a sneaky addition. He inserted a program of his own at a known point in memory and then filled the rest of memory with its address. Govindavajhala found that filling 60% of the memory with the address of his program and then causing the machine to crash caused his program to run 70% of the time.
Govindavajhala pointed out that, while PCs were not too vulnerable to this sort of attack, the biggest danger is to security cards that contain their own processor. "There are smart cards that use Java that you could shine a light on, flip a bit and get access to the card's data."
It won't be quite as simple as that, anyone who has worked with Java will tell you that finding out where your program is in memory would be enough of a task in itself. But a little ingenuity soon comes up with a solution to that problem, you just have to be careful how you write your code and be prepared to trash a few cards before you get it right.
More interestingly, this sort of attack could be used to break into supposedly secure systems at a hackers leisure. Microsoft's Anti-Trustworthy Computing concept is a fairly obvious target, as is the Xbox
I could think of better things to do with a flashlight at a university.... :)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.