An ordinary grill lighter has been utilized to identify vulnerabilities in laptops, achieving root privileges through a novel method called electromagnetic fault injection (EMFI).
Professional hardware researcher David Buchanan showcased this unorthodox technique by repurposing a piezo-electric BBQ lighter to manipulate laptop hardware and software flaws.
The researcher, who documented the procedure on their blog, selected a Samsung S3520 laptop containing an Intel i3-2310M CPU and 1GB of DDR3 RAM as the experimental subject.
The breach specifically aims at the DDR bus, connecting the DRAM memory to the system, with a focus on one of the 64 data pins (DQ pins) on the memory module.
In their setup, the researcher attached a wire to a data line on the DDR3 SODIMM, acting as an antenna to capture electromagnetic interference.
By positioning a piezo-electric lighter near this wire, the researcher successfully induced memory errors, consistently flipping a specific bit in 64-bit read or write operations.
Utilizing this hardware weakness, the researcher created two proof-of-concept attacks:
- An CPython sandbox evasion: While CPython is not usually sandboxed, this academic demonstration showcased the potential for manipulating object pointers and establishing arbitrary memory read/write mechanisms.
- A Linux local privilege elevation (LPE): This more pragmatic breach enables an unprivileged user to achieve root access to the system. The incursion involves saturating physical memory with page tables and then sabotaging a page table entry to reach arbitrary physical memory.
The Linux LPE attack was effective, with the researcher revealing the ability to alter the /usr/bin/su executable and launch a root shell. The exploit’s success rate varied based on system conditions, ranging from 20% to 50%.
This unconventional method of hardware manipulation raises concerns about system security when an intruder has physical access. It underscores the vulnerabilities in memory systems and the significance of physical security precautions.
The researcher proposes that this tactic could potentially be extended to other scenarios like bypassing anti-cheat software on gaming PCs or evading SafetyNet verifications on Android devices.
Nonetheless, they also acknowledge that executing such maneuvers on compact devices such as smartphones would pose additional complexities.
Although this breach necessitated physical alterations to the laptop, it underscores how even economical, widely available tools can pose considerable security risks in the hands of a skilled adversary.
The article Hacking Laptop With a BBQ Lighter to Gain Root Access was originally published on Cyber Security News.