Easy Security Hack: Cracking Firewalls Using Spy Chips

a username and password.

A cybersecurity expert has demonstrated a way to implant spy chips into popular hardware that is so cheap that anyone with US$200 can easily do it. (Image: Screenshot via YouTube)

A cybersecurity expert has revealed a way to secretly implant spy chips in popular hardware products and it’s so cheap that anyone with US$200 can easily do it. Monta Elkins from the security firm Foxguard will be presenting his work at the CS3sthlm security conference this month.

The spy chip

“To create his tiny spy chip, Elkins used a 5 mm Square ATtiny85 chip commonly found on a Digispark Arduino board. He first wrote his hacking code into the chip before removing it from the board and transferring it to a Cisco ASA 5505 firewall. He chose a spot on the Cisco motherboard that would allow the chip to access the firewall’s serial port without needing any additional wiring,” according to Tech Times.

Subscribe to our Newsletter!

Receive selected content straight into your inbox.

Though Elkins could have chosen a smaller chip, he decided to go with ATtiny85 since it was easier to program compared to others available on the market. The chip also could have been hidden more subtly than what Elkins demonstrated. However, he wanted to show the chip’s placement at the conference, which is why it was placed in a relatively easy-to-spot location.

ATtiny85 was programmed in a way that it would carry out the attack as soon as the firewall booted up. “It impersonates a security administrator accessing the configurations of the firewall by connecting their computer directly to that port. Then the chip triggers the firewall’s password recovery feature, creating a new admin account and gaining access to the firewall’s settings,” according to Wired.

The spy chip was placed on the motherboard of the firewall and programmed so that it would carry out the attack as soon as the firewall booted up.
The spy chip was placed on the motherboard of the firewall and programmed so that it would carry out the attack as soon as the firewall booted up. (Image: Screenshot via YouTube)

What is scary is that while the hacker gains control of the network, the administrator won’t even be aware of it. The hacker gets the power to change the firewall configuration any way he wants. By applying reverse engineering, it is possible to reprogram the firewall’s firmware in such a manner that it becomes a full-featured toolset to spy on every aspect of the network.

Elkins wanted to show organizations how easy it is for hackers to gain access to their entire IT network with a minimal budget. He warns that there are people far smarter than he is who can use these methods in a much more dangerous way. Add to it the fact that serious hackers might have more cash and resources at their disposal and the possibility that such spy chips might end up doing significant damage to corporations is significant.

Bloomberg report

Elkins’ spy chip hack comes a year after Bloomberg’s controversial report that suggested Chinese spies were implanting chips in Amazon and Apple servers. Apple did not take to the story kindly, with CEO Tim Cook flatly calling it a lie. Subsequent investigations into the subject by third-party groups also sided with Apple. The fact that Bloomberg was not able to show even one motherboard that contained a spy chip made the claim unbelievable for most security experts.

Elkins’ spy chip hack comes a year after Bloomberg’s controversial report that suggested Chinese spies were implanting chips in Amazon and Apple servers.
Elkins’ spy chip hack comes a year after Bloomberg’s controversial report that suggested Chinese spies were implanting chips in Amazon and Apple servers. (Image: Screenshot via YouTube)

However, Bloomberg has neither retracted its story nor admitted that some parts of it may be false. The story was awarded the ‘Most Over-hyped Bug’ prize as part of the Pwnie Awards, a series of awards given by the security community at the BlackHat USA conference. Though, if proven to be true, organizers agreed that the story would be one of the biggest computer security stories of the year or even the decade.

Follow us on TwitterFacebook, or Pinterest

Recommended Stories

A branch with cherry blossoms.

Cherry Blossom Day: Why It’s Important To Japan

Japan’s Cherry Blossom Day is celebrated on March 27, a momentous day. Although not an ...

Family sharing dinner at the table.

Table Manners 101: How to Teach Your Children Proper Table Manners

Teaching your children table manners is extremely important in their upbringing. But if you’re struggling ...

Victimhood.

6 Key Practices to Stop Being a Victim

Life isn’t fair, and most of the time, you find yourself the victim of particular ...

Chinese family getting food with chopsticks.

Proper Manners Begin at the Dining Table

Manners are a cornerstone of every culture. And while most manners align with the culture ...

A Russian jet spraying a U.S. drone with fuel.

The Black Sea Drone Incident: Avoiding ‘Accidental’ War

The extraordinary footage of a Russian jet intercepting a U.S. drone over the Black Sea ...

Knight was a military bull.

An Awesome Bull (Part 1)

In 1940, the Germans invaded Belgium and quickly occupied much of the country. When the ...

A German Shepherd.

An Awesome Bull (Part 2)

The change to the bull’s prisoner-of-war status made General von Bock very angry. He sent ...

US Assistant Secretary of State for East Asian and Pacific Affairs David R. Stilwel

U.S. Diplomat: ‘China Is a Lawless Bully’

David Stilwell, U.S. Assistant Secretary of State for the Bureau of East Asian and Pacific ...

Two acorns with oak leaves in the background.

Reviving Ancient Delicious Acorn Dishes

The acorn nut is familiar to many, often used in decorations, jewelry, and crafts. But ...

Send this to a friend