InfoSecBulletin Cybersecurity for mankind
“At the upcoming Black Hat cybersecurity conference in Las Vegas, Sam Beaumont and Larry ‘Patch’ Trowell from NetSPI, a security firm, will showcase their new laser hacking device, the RayV Lite.
They intend to release the design and component list of their tool as open source, enabling anyone to access laser-based techniques for reverse engineering chips, exploiting vulnerabilities, and uncovering secrets. These methods were historically limited to researchers affiliated with well-funded companies, academic labs, and government agencies.”
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
Advanced tools for using light for hacking, like the Riscure Laser Station, usually cost around $150,000, and even cheaper versions are close to $10,000. However, Beaumont and Trowell managed to build their own for less than $500 using 3D printing and affordable parts.
The creators aim to show that laser-based hacking techniques are more accessible than many hardware designers think. They want to make it clear that these methods are now more affordable and practical. They hope to give DIY hackers and researchers a new tool while also pushing hardware manufacturers to improve their product’s security against this type of hacking.
The RayV Lite was created by Beaumont and Trowell with a focus on two laser hacking methods. One method, called laser fault injection (LFI), involves using a short burst of light to disrupt the charges of a processor’s transistors. This can cause the bits to change from 1 to 0 or vice versa. By carefully triggering these bit flips, more significant effects can occur. For example, Beaumont tested an automotive chip and discovered that glitching the chip with a laser at a specific moment can bypass a security check that protects the chip’s firmware. This leaves the chip vulnerable and allows her to scan its code for potential weaknesses.
Cryptocurrency wallets can also be vulnerable to LFI, which involves glitching the chip when it asks for a PIN to unlock the cryptographic key and access the owner’s funds. “You take the chip off the crypto wallet, hit it with a laser at the right time, and it will just assume you have the PIN,” says Trowel. “It just jumps through the instructions and gives the key back.”
Laser logic state imaging is a hacking technique that involves using a laser to surveil a chip’s architecture and activity in real time. By bouncing laser light off the chip and analyzing the results, hackers can map out the physical layout of the processor and access sensitive data that the chip is handling. This technique often involves the use of machine learning tools. Full report here.
Source: :Wired
