In context: Did you know that lasers can be used to infiltrate secure chips and systems? Blasting precise laser pulses allows hackers to glitch transistors, bypass security checks, and more. Until now, this "laser fault injection" technique has required expensive equipment that kept it out of reach for all but the most well-funded researchers and bad actors. But that's about to change thanks to a new open-source gadget called the RayV Lite.
Developed by Sam Beaumont and Larry "Patch" Trowell from cybersecurity firm NetSPI, this $500 rig brings laser hacking capabilities to the maker community and independent hackers. The pair will unveil their creation at the Black Hat conference in Las Vegas this week, according to Wired.
"We're not discovering anything new, in the sense that other people have used lasers this way before. We're doing it at a lower cost so that people can do this in their homes," Beaumont told the publication. Another goal is to push hardware makers to improve chip security by demonstrating how easy and cheap these attacks can be.
The RayV Lite sounds like something out of a sci-fi film. The first version of the tool will focus on the fault injection technique, using a precise laser blast to knock electrons askew inside silicon chips and create glitches that can be exploited. To demonstrate this, the hackers hit an automotive processor at the right millisecond and bypassed security checks, giving full access to the firmware.
There's also a planned second version of the tool. It will use the laser logic state imaging technique to map chips' architecture in real time. By analyzing the patterns of laser light reflecting off different charged areas of the silicon, secrets like code and data can potentially be extracted. The analysis is assisted by machine learning.
Under the hood, the device relies on some clever cost-cutting tricks. The laser comes from an ordinary pointer and costs only $20. The priciest components of the RayV Lite include the $68 Raspberry Pi computer that provides the brains and two FPGA chips that handle timing, each of which costs nearly $100.
Another clever way to reduce costs is the 3D-printed microscope body, which is based on the OpenFlexure design. Flexible plastic levers allow precise aim down to the nanometer level by minutely bending when actuated by stepper motors.
Of course, NetSPI's white hats have good intentions, hoping to improve chip security by raising awareness of the threat. The duo plans to open-source their tool's design and component list soon, so some awesome new capabilities are likely arriving for tinkerers and researchers on a budget.
Image credit: Thanh Nguyen, NetSPI/Wired