When you think of a standard hacker toolkit, software vulnerabilities and malware come to mind. But a pair of researchers are testing a different type of instrument: a physical tool that can break into devices with a wave of your hand.

At the recent REcon computer security conference, Red Balloon Security founder Ang Cui and research scientist Rick Housley presented a new approach to hacking a processor that uses electromagnetic pulses to produce specific glitches in hardware. By disrupting normal activity at precise intervals, the technique can defeat the Secure Boot protection that keeps processors from running untrusted code.

Researchers have experimented with “fault injection attacks”—hacks that cause a strategic glitch, which in turn triggers abnormal, exploitable computer behavior—for decades. Those attacks, though, typically require physical access to a target's components.

“The advantage of this technique is that it’s physically noninvasive. You don’t have to touch the device, and you don’t leave any physical marks behind,” Cui says. “There’s no exchange of data at the electromagnetic pulse stage, so this would never be caught by a firewall.”

Insecure Boot

Red Balloon specializes in internet-of-things-intrusion defense; think of it as antivirus software for IoT. But the company has run into problems putting its security tool on IoT devices guarded by Secure Boot. Red Balloon's products don't undermine this safeguard; the company works with vendors to make its software compatible. But the dilemma got Cui and Housley interested in the theoretical question of whether a fault-injection attack could circumvent Secure Boot on locked-down IoT devices.

They started experimenting with the Cisco 8861 VoIP phone model that they had tried and failed to equip with their security product. (Cui also has a history of hacking Cisco phones.) The two found that if they poked the phone’s flash memory with a charged wire at the right moment while it booted up, they could cause a glitch that stopped the boot process. Instead, the phone surfaced access to a command-line interface that Cisco normally uses for debugging. Consumers are never supposed to see it.

Cui and Housley also found vulnerabilities in the TrustZone security scheme of the phone's processor that allowed them to write code on processor memory that was supposed to be protected. (They disclosed these bugs to Cisco in April 2016.) Once they had access to the troubleshooting portal during boot, the researchers could load and execute their own code in a secure part of the processor to override Secure Boot.

Invisible Touch

All of which makes for a complicated hack, and one that requires cracking a phone open when you have a charged wire handy. But Cui and Housley wanted to take the attack a step farther, and realized that a well-timed EMP blast could trigger the same fault. They could execute the whole hack without needing to tamper with the components of the phone.

Lab-grade EM pulsing equipment costs hundreds of thousands of dollars, so instead the researchers built their own system for about $350 using a 3-D printer and readily available components. They plan to release open source schematics of the setup so other researchers can use it too.

Eventually, Cui and Housley worked out that delivering a 300 volt pulse to the phone's RAM 4.62 seconds into startup reliably created the glitch they wanted. With access to the debugging portal, they could use the phone’s console port—an auxiliary port on the back of the phone—to load in and run their Secure Boot override protocol within five seconds.

"The attack’s principle is clever," says Jean-Max Dutertre, a hardware security researcher at École Nationale Supérieure des Mines de Saint-Étienne in France. "Finding a way to bypass timing and spatial resolution issues is always highly effective."