Forensics Journal - Stevenson University 2014 | Page 61
Sparkfun Electronics was subpoenaed for their customer database
because a similar malicious embedded device was discovered in a gas
pump in Coweta County, Georgia (Seidle). As embedded technology becomes easier to understand and programming code becomes
more pervasive on the Internet, the technology will become more germane
to motivated criminals. The boundaries of criminal potential
and utility are not only continually being expanded but also being
streamlined in the process. This was discussed in July 2012 at the
Black Hat Conference in Las Vegas, Nevada when Cody Brocious, a
security researcher for Mozilla Software Corporation, demonstrated
that with “less than $50 of off-the-shelf hardware and a little bit of
programming, it is possible for a hacker to gain instant, untraceable
access to millions of key card-protected hotel rooms” (Anthony). The
device configuration could be accomplished in less than 15 minutes
while all the programming software is freely available on the Internet.
This demonstration transferred embedded malicious hardware from
the realm of tech savvy hackers to the everyday activities of criminals.
device to execute directed missions such as confidential communication interception. The introduction of malicious hardware into systems
running critical national infrastructure presents a clear and present
danger. Large scale manipulation of hardware was articulated by the
Defense Science Board Task Force 2005 report on High Performance
Microchip Supply. The report noted, “Because of the U.S. dependence
on advanced technologies whose provenance is progressively more
offshore, opportunities for an adversary to clandestinely manipulate
technology used in U.S. critical microelectronics applications are
enormous and increasing” (Department of Defense 14). The Defense
Science Board has noted that this type of malicious hardware can be
placed in any domain that inherently relies on circuit based technology. However, the most common large scale malicious hardware operation that law enforcement is likely to encounter would be some form
of covert communication interception and/or corporate espionage.
The 2005 Defense Science Board report was referenced by an October 2012 report released by the U.S. House Intelligence
Committee. The 2012 report announced that there could be substantial security risks if domestic companies purchase communications
equipment from Chinese companies such as Huawei or ZTE (House
of Representatives, Permanent). In the report, Chairman Mike
Rogers (R-MI) stated, “Any bug, beacon, or backdoor put into our
critical systems could allow for a catastrophic and devastating domino
effect of failures throughout our networks” (House of Representatives,
Permanent). These interlocutor devices include communication infrastructure components such as routers, switches and other evolving
man-in-the-middle communications technology that could allow for a
variety of espionage acts.
SCOPE OF MALICIOUS HARDWARE
Malicious embedded technology resides in a large illicit domain. The
criminal potential ranges from misdemeanor crimes (e.g. breaking and
entering - as in the hotel door locks) to national infrastructure failures
(e.g. gas pipelines, water treatment and power facilities). This massive scope complicates law enforcement countermeasures. One logical
response is to create a basic taxonomy of malicious device attacks.
A hierarchical measure of malicious technology is now necessary for
both forensic investigators and digital forensic researchers to facilitate
these complex investigations. However, current research revealed the
lack of a viable malicious hardware classification strategy. The lack of
any classification strategy may be attributed to the variety of available
microcontrollers and endless potential device circuit manifestations.
Identifying an organized taxonomy is further complicated by the disparity in technological acumen required to turn a
microcontroller into a malicious device and by the availability of malicious programming through mediums such as the Internet.
The suggestion that a taxonomy of malicious hardware be created is,
in itself, a clarion call to any digital forensic unit.
The utility of malicious embedded systems is only bounded by a
criminal’s imagination. Small scale operations can leverage microcontroller technology to supplant wireless utility meter readings, thus in
effect modifying utility company billing. A microcontroller’s small size and inherent power make it uniquely attractive for placing
remote sensing devices in a variety of discrete locations. There are
two fundamental inherent qualities of embedded malicious hardware
that are cause for law enforcement concern. First, the reduced form
factor of today’s embedded microcontrollers means that they can be integrated with
commercially developed devices and covertly placed inside the manufacturer’s original casing. Second, light weight and reduced power
consumption equate to longer-lasting operation when powered by
Lithium Polymer battery technology, thereby enhancing their autonomous and prolonged functionality.
While this paper asserts the ease of use and accessibility of microcontrollers such as the Arduino will facilitate criminal potential, there
exist even more advanced and sophisticated microcontrollers such as
the ARM (found in many modern cell pho