Protecting Against Physical Chip Implant Attacks from the Supply Chain

BY

Tom Ricoy

|

June 25, 2020

Persistent Data Access via Hardware Addition

Potentially the best way to gain completely undetectable persistence PC access for years is with a chip implant. Mitre Att&ck refers to this as Hardware Additions (Mitre Att&ck T1200).  The only way to guarantee there are no chip implants is via regular physical visual inspection and comparison of a PC motherboard, components, and wires to manufacturers’ verified design drawings. Multiple solutions have been released to demonstrate the implant possibility and risk including PicoDMA.

The most famous case is the much refuted and debated Super Micro supply chain chip implant case.  Whether reality or not, the possibility is enough to make it a serious concern.

PC manufacturers have enabled chassis intrusion detection switches on the PC chassis, however it is rarely enabled and used.  Furthermore it is not available on all PC models (for example, two of the largest PC OEMs have chassis intrusion detection on desktops but not laptops.)

For an adversary to implant a chip, all it would take would be bribing (and there are many documented bribery cases) an IT admin, consultant, contractor with after-hours access to your facility, employee, etc. to gain access to a PC and implant a chip on any one of the PCs or servers in your environment.  And of course there is the risk of malicious insiders and disgruntled employees.

This area of concern also includes components being swapped out for ones with malicious code or direct physical reflashing of a component firmware with additional malicious firmware code, not just chip implants.

Everest Security Chip for Data Protection

The Cigent Security Chip on the Everest drive is the only way to consistently and reasonably address these concerns. The chip has multiple sensors to detect data attacks and protect it:

  • Ransomware detection using embedded machine learning algorithms that are trained with known good and bad data access patterns to prevent ransomware from encrypting files, while allowing encryption solutions like Bitlocker to still run  
  • Imaging sensor detects imaging/cloning data removal attempts
  • Erasure sensor prevents full or partial data wiping
  • Boot detection protects against reboots from alternate O/S (external/second drive as well as detecting data access attempts from O/S running on chips or an implanted chip)

Threat detection and data protection is built into the drive itself and requires no operating system software. It runs independently to detect threats coming from chip implants or components on the system. In the case of a threat detection the drive will completely cut off access to the protected data from all components. Access to the data and ability to clear threats is enabled through special software from Cigent.

Cigent D3E protects your files in a way that's never been done before.

Learn More

Explore more articles.

Protect your organization's most valuable asset—your data.

Contact Us