Hacking Laptop With a BBQ Lighter to Gain Root Access

A simple piezo-electric BBQ lighter has been used to gain root access on a laptop through a technique known as electromagnetic fault injection (EMFI).

David Buchanan, a professional hardware researcher, demonstrated this unconventional approach and showed how the lighter can be repurposed to induce hardware faults in a laptop that software can then exploit.

The researcher, who detailed the process on their blog, used a Samsung S3520 laptop equipped with an Intel i3-2310M CPU and 1GB of DDR3 RAM as the test subject.

The exploit targets the DDR bus that connects the DRAM memory to the rest of the system, specifically focusing on one of the 64 data pins (DQ pins) on the memory module.

The researcher’s setup involved soldering a wire to one of the data lines on the DDR3 SODIMM, which acts as an antenna to pick up electromagnetic interference.

By clicking a piezo-electric lighter near this wire, the researcher was able to induce memory errors, consistently flipping a specific bit in 64-bit read or write operations.

Exploiting this hardware vulnerability, the researcher developed two proof-of-concept attacks:

  1. A CPython sandbox escape: Although CPython isn’t typically sandboxed, this academic exercise demonstrated the potential for manipulating object pointers and creating arbitrary memory read/write primitives.
  2. A Linux local privilege escalation (LPE): This more practical exploit allows an unprivileged user to gain root access to the system. The attack involves filling physical memory with page tables and then corrupting a page table entry to gain access to arbitrary physical memory.

The Linux LPE exploit proved successful, with the researcher demonstrating the ability to modify the /usr/bin/su executable and spawn a root shell. The exploit’s reliability varied depending on system conditions, ranging from a 20% to a 50% success rate.
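To make the impact of a single repeatable bit flip concrete, the following added example (not the researcher's code) takes memory-test write/read-back pairs, finds which bit of the 64-bit word is faulting, and names the x86-64 page table entry field that bit occupies. The sample words, the sample entry and the choice of bit 21 are constructed for illustration, and `maxphyaddr` is a CPU-specific value assumed here.

```python
# Added illustration (not the researcher's code). All sample values are constructed.
MASK64 = (1 << 64) - 1

def faulty_bits(pairs):
    """Count, per bit position, how often written and read-back words differ."""
    counts = {}
    for written, read in pairs:
        diff = (written ^ read) & MASK64
        while diff:
            low = diff & -diff            # isolate the lowest differing bit
            bit = low.bit_length() - 1
            counts[bit] = counts.get(bit, 0) + 1
            diff ^= low
    return counts

FLAG_BITS = {0: "present", 1: "read/write", 2: "user/supervisor",
             3: "write-through", 4: "cache-disable", 5: "accessed",
             6: "dirty", 7: "PAT", 8: "global", 63: "no-execute"}

def pte_field(bit, maxphyaddr=52):
    """Name the x86-64 4 KiB page-table-entry field that holds `bit`.
    maxphyaddr is CPU-specific; 52 is the architectural maximum."""
    if bit in FLAG_BITS:
        return FLAG_BITS[bit]
    if 12 <= bit < maxphyaddr:
        return "physical frame address"
    if maxphyaddr <= bit < 52:
        return "reserved"
    # Bits 9-11 and 52-62 (protection keys use 59-62 when enabled).
    return "ignored/software-available"

def frame_after_flip(pte, bit, maxphyaddr=52):
    """Physical frame address a PTE refers to after `bit` is inverted."""
    frame_mask = ((1 << maxphyaddr) - 1) & ~0xFFF
    return (pte ^ (1 << bit)) & frame_mask

def triage(pairs, maxphyaddr=52):
    """Return (bit, hits, field) tuples, most frequent fault first."""
    counts = faulty_bits(pairs)
    return [(b, n, pte_field(b, maxphyaddr))
            for b, n in sorted(counts.items(), key=lambda kv: -kv[1])]

# Constructed memory-test results: (pattern written, value read back).
SAMPLE = [(0x0000000000000000, 0x0000000000200000),
          (0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFDFFFFF),
          (0xAAAAAAAAAAAAAAAA, 0xAAAAAAAAAAAAAAAA),
          (0x5555555555555555, 0x5555555555755555)]
SAMPLE_PTE = 0x8000000012345067   # constructed entry, frame 0x12345000
```

A fault that lands in the frame-address field leaves the entry valid but pointing at a different physical page, which is why a memory test reporting one repeatable faulty bit should be treated as a security finding and not only a reliability one.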

This unconventional approach to hardware hacking raises concerns about the security of systems in scenarios where an attacker has physical access. It also highlights the potential vulnerabilities in memory systems and the importance of physical security measures.

The researcher suggests that this technique could potentially be applied to other scenarios, such as bypassing anti-cheat software in gaming PCs or circumventing SafetyNet checks on Android devices.

However, they also note that implementing such attacks on smaller devices like smartphones would present additional challenges.

While this exploit required physical modifications to the laptop, it demonstrates that even low-cost, readily available tools can pose significant security risks when in the hands of a skilled attacker.

The post Hacking Laptop With a BBQ Lighter to Gain Root Access appeared first on Cyber Security News.