InfoSecBulletin Cybersecurity for mankind
“At the upcoming Black Hat cybersecurity conference in Las Vegas, Sam Beaumont and Larry ‘Patch’ Trowell from NetSPI, a security firm, will showcase their new laser hacking device, the RayV Lite.
They intend to release the design and component list of their tool as open source, enabling anyone to access laser-based techniques for reverse engineering chips, exploiting vulnerabilities, and uncovering secrets. These methods were historically limited to researchers affiliated with well-funded companies, academic labs, and government agencies.”
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
Advanced tools for using light for hacking, like the Riscure Laser Station, usually cost around $150,000, and even cheaper versions are close to $10,000. However, Beaumont and Trowell managed to build their own for less than $500 using 3D printing and affordable parts.
The creators aim to show that laser-based hacking techniques are more accessible than many hardware designers think. They want to make it clear that these methods are now more affordable and practical. They hope to give DIY hackers and researchers a new tool while also pushing hardware manufacturers to improve their product’s security against this type of hacking.
The RayV Lite was created by Beaumont and Trowell with a focus on two laser hacking methods. One method, called laser fault injection (LFI), involves using a short burst of light to disrupt the charges of a processor’s transistors. This can cause the bits to change from 1 to 0 or vice versa. By carefully triggering these bit flips, more significant effects can occur. For example, Beaumont tested an automotive chip and discovered that glitching the chip with a laser at a specific moment can bypass a security check that protects the chip’s firmware. This leaves the chip vulnerable and allows her to scan its code for potential weaknesses.
Cryptocurrency wallets can also be vulnerable to LFI, which involves glitching the chip when it asks for a PIN to unlock the cryptographic key and access the owner’s funds. “You take the chip off the crypto wallet, hit it with a laser at the right time, and it will just assume you have the PIN,” says Trowel. “It just jumps through the instructions and gives the key back.”
Laser logic state imaging is a hacking technique that involves using a laser to surveil a chip’s architecture and activity in real time. By bouncing laser light off the chip and analyzing the results, hackers can map out the physical layout of the processor and access sensitive data that the chip is handling. This technique often involves the use of machine learning tools. Full report here.
Source: :Wired
