Unlike its software counterpart, manipulated hardware enjoys a dangerous existence in the shadows. However, the threat that Trojans present to companies, countries and private individuals can be quite substantial. For the first time ever, a recent report is shedding a great deal of light on this subject.
In a way, the Greeks’ Trojan horse was the first virus in history. And there is no doubt that what we are dealing with here is “hardware”. As Homer wrote, it is relatively complicated to build, but very effective. And it has been around for a long time: the principle has been saving itself for centuries.
If you Google “Trojan” today, you will get more than two million hits, but only a fraction of them refer to wooden horses. In addition, hardware Trojans are considerably under-represented compared to the software variant. Still, that does not by any means diminish the threat potential. After all, in an extreme case, a hardware Trojan could be used to create a “back door” to an entire chip generation—with unforeseeable consequences. They range from espionage and extortion to sabotaging production processes. Imagine if weapons systems, the energy supply or traffic guidance were equipped with compromised components.
The enemy in the company
Unlike malware, which can now be “assembled” by almost anyone (instructions are available on the Internet), hardware Trojans are the work of experts who have plenty of criminal energy because they have to be “smuggled in” during chip production. In other words, it is absolutely necessary for the perpetrators to be directly involved in the development and production of the chip. That can be at the very beginning when the hardware description is being written. That is when the future functions of a digital circuit are defined. Or it can be in the layout phase, in the mask set or at the very end during wafer production. Actually, manipulation becomes exponentially more complex the closer you get to the final product. Although the risk of getting caught decreases.
The immense complexity makes the hardware method appear incredibly unlikely at first glance. But if you consider the fact that even the industry’s major manufacturers outsource some manufacturing and even development of their chips abroad and that, in many cases, smaller companies buy individual blocks for complex chips such as for connectivity or coding together in various parts of the world, the threat situation becomes much more real. And who can vouch 100% for all of employees or their suppliers all the time?
Hardware Trojan – free report
Unfortunately, many IT executives and decision-makers either still do not yet appreciate or are at least underestimating the danger. However, there are now countermeasures that allow manufacturers and users to better protect their devices. They are outlined in a new report from the Fraunhofer FKIE that provides a comprehensive overview of the threat posed by hardware Trojans. Besides the basics, the report deals with the theoretical threat potential in various sectors as well as actual incidents and possible protective measures.
Free download: “Hardware- und hardwarenahe Trojaner“