In recent years, physical attacks have been somewhat in the background, but this does not mean that they have disappeared. Intel is aware of this, and is fully active in this regard with iSTARE, a unit made up of a group of hardware-level attack experts who analyze the possible attacks that their processors could suffer new generation to identify bugs, critical flaws and security issues before they go into production. We have also seen it recently, and it is that Intel is clear that security begins in the hardware.
It is true that it is not usual for an attacker to have physical access to our PC or laptop, but this does not mean that it is impossible. Think, for example, of what can happen if you are traveling for work and leave your laptop alone for a moment to go to the bathroom, or the risk of leaving your equipment in your hotel room while you go out for a break. In the end, the danger of a physical attack is greater than we imagine, which is why Intel iSTARE works hard to address these types of risks.
Steve Brown, Principal Engineer in Intel’s Product Safety and Assurance department, commented:
“People don’t always understand all the security implications and may feel that physical attacks are not that relevant. But this is a proactive approach. The earlier you can intercept all of this in the lifecycle, the better.”
Intel iSTARE wants anticipate problems, find solutions before they occur, and its experts focus on security linked to physical and hardware attacks. To accomplish that goal, they conduct such interesting research as, say, opening a computer case, soldering new circuitry onto a motherboard, emitting strategic electromagnetic pulses to alter behavior as electrons flow through a processor and then measure whether key physical characteristics of the processor, such as heat emissions or system vibrations, leak information about what a device is doing.
Uri Bear, iSTARE Group Manager and Senior Security Analyst for Intel Product Security and Assurance, explained:
“Basically what we do is mimic the hacker, figuring out what they would want to get out of an attack. We are not limited to finding security vulnerabilities, we are also tasked with develop the next generation of attacks and defenses and making sure we’re ready for what’s to come. We fix problems before they happen, and we fix things before they hit the market.”
Bear also commented on something very interesting, which is that finding ways to use hardware that is locked down, or finding new uses for which it was not designed, is also critical to dealing with new hackers, and he said that the challenge posed by supposed hackers a challenge that forces them to do things better. There is no doubt that addressing vulnerabilities while there is still enough time to resolve them is of significant value to customers, both financially and reputationally.
